diff options
author | Jeremy Allison <jra@samba.org> | 2016-01-05 11:22:12 -0800 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2016-02-24 11:38:52 +0100 |
commit | c4fade47263c72dd3d36005109e29887cf56210d (patch) | |
tree | 7f3a98598be230f88171a18a7520f431852bac32 | |
parent | 9e6620b22f3d20b4f05f38ea2a16c7f8ec6ea1b7 (diff) | |
download | samba-c4fade47263c72dd3d36005109e29887cf56210d.tar.gz |
CVE-2015-7560: s3: smbd: Refuse to set a POSIX ACL on a symlink.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
-rw-r--r-- | source3/smbd/trans2.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index 7de4f0560f3..5b008f53eb2 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -6567,6 +6567,7 @@ static NTSTATUS smb_set_posix_acl(connection_struct *conn, uint16 num_def_acls; bool valid_file_acls = True; bool valid_def_acls = True; + NTSTATUS status; if (total_data < SMB_POSIX_ACL_HEADER_SIZE) { return NT_STATUS_INVALID_PARAMETER; @@ -6594,6 +6595,11 @@ static NTSTATUS smb_set_posix_acl(connection_struct *conn, return NT_STATUS_INVALID_PARAMETER; } + status = refuse_symlink(conn, fsp, smb_fname->base_name); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + DEBUG(10,("smb_set_posix_acl: file %s num_file_acls = %u, num_def_acls = %u\n", smb_fname ? smb_fname_str_dbg(smb_fname) : fsp_str_dbg(fsp), (unsigned int)num_file_acls, |