CVE-2015-7560: s3: smbd: Refuse to set an ACL from a POSIX file handle on a symlink.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
author: Jeremy Allison <jra@samba.org> 2016-01-05 10:52:50 -0800
committer: Karolin Seeger <kseeger@samba.org> 2016-02-24 11:38:52 +0100
commit: 9e6620b22f3d20b4f05f38ea2a16c7f8ec6ea1b7 (patch)
tree: b51c08fadc0d375a2ea466a4a3bf8c39e816dba6
parent: 7f893ff4e635fd42ab5d02b0ef3504b899f79d04 (diff)
download: samba-9e6620b22f3d20b4f05f38ea2a16c7f8ec6ea1b7.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index 5a6a784b16d..8d887a30076 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -882,6 +882,12 @@ NTSTATUS set_sd(files_struct *fsp, struct security_descriptor *psd,
 		return NT_STATUS_OK;
 	}
 
+	if (S_ISLNK(fsp->fsp_name->st.st_ex_mode)) {
+		DEBUG(10, ("ACL set on symlink %s denied.\n",
+			fsp_str_dbg(fsp)));
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
 	if (psd->owner_sid == NULL) {
 		security_info_sent &= ~SECINFO_OWNER;
 	}
author	Jeremy Allison <jra@samba.org>	2016-01-05 10:52:50 -0800
committer	Karolin Seeger <kseeger@samba.org>	2016-02-24 11:38:52 +0100
commit	9e6620b22f3d20b4f05f38ea2a16c7f8ec6ea1b7 (patch)
tree	b51c08fadc0d375a2ea466a4a3bf8c39e816dba6
parent	7f893ff4e635fd42ab5d02b0ef3504b899f79d04 (diff)
download	samba-9e6620b22f3d20b4f05f38ea2a16c7f8ec6ea1b7.tar.gz