summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKarolin Seeger <kseeger@samba.org>2009-09-28 20:36:29 +0200
committerKarolin Seeger <kseeger@samba.org>2009-10-01 14:25:01 +0200
commitc7078ea2479e9963f7758e82bda247f48de2d4be (patch)
tree8bb8cece4f8ce34aa6e6792f8223fabb00483010
parenta9cdec42bf587aad5bdd22a196a8f37c68270b23 (diff)
downloadsamba-c7078ea2479e9963f7758e82bda247f48de2d4be.tar.gz
Fix for CVE-2009-2813.
=========================================================== == Subject: Misconfigured /etc/passwd file may share folders unexpectedly == == CVE ID#: CVE-2009-2813 == == Versions: All versions of Samba later than 3.0.11 == == Summary: If a user in /etc/passwd is misconfigured to have == an empty home directory then connecting to the home == share of this user will use the root of the filesystem == as the home directory. =========================================================== (cherry picked from commit c1a4a99f8cc5803682a94060efee1adf330c4f02)
Diffstat
-rw-r--r--source/param/loadparm.c7
-rw-r--r--source/smbd/service.c11
2 files changed, 16 insertions, 2 deletions
diff --git a/source/param/loadparm.c b/source/param/loadparm.c
index 4fc0c06a976..71a0e7b361d 100644
--- a/source/param/loadparm.c
+++ b/source/param/loadparm.c
@@ -2655,6 +2655,11 @@ BOOL lp_add_home(const char *pszHomename, int iDefaultService,
int i;
pstring newHomedir;
+ if (pszHomename == NULL || user == NULL || pszHomedir == NULL ||
+ pszHomedir[0] == '\0') {
+ return False;
+ }
+
i = add_a_service(ServicePtrs[iDefaultService], pszHomename);
if (i < 0)
@@ -4135,7 +4140,7 @@ static void lp_add_auto_services(char *str)
if (lp_servicenumber(p) >= 0)
continue;
- if (home && homes >= 0)
+ if (home && home[0] && homes >= 0)
lp_add_home(p, homes, p, home);
}
SAFE_FREE(s);
diff --git a/source/smbd/service.c b/source/smbd/service.c
index bfe9649ea4a..390e606f3ce 100644
--- a/source/smbd/service.c
+++ b/source/smbd/service.c
@@ -224,7 +224,7 @@ int add_home_service(const char *service, const char *username, const char *home
{
int iHomeService;
- if (!service || !homedir)
+ if (!service || !homedir || homedir[0] == '\0')
return -1;
if ((iHomeService = lp_servicenumber(HOMES_NAME)) < 0)
@@ -801,6 +801,15 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
get_current_username(),
current_user_info.domain,
s, sizeof(s));
+
+ if (s[0] == '\0') {
+ DEBUG(6, ("service [%s] did not resolve to a path\n",
+ lp_servicename(snum)));
+ conn_free(conn);
+ *status = NT_STATUS_BAD_NETWORK_NAME;
+ return NULL;
+ }
+
set_conn_connectpath(conn,s);
DEBUG(3,("Connect path is '%s' for service [%s]\n",s,
lp_servicename(snum)));
View Lorry Controller Status