diff options
author | Jeremy Allison <jra@samba.org> | 2016-01-05 11:24:36 -0800 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2016-02-24 11:38:52 +0100 |
commit | e3875621cec2b0a301be976331ade51baa087b68 (patch) | |
tree | 92efc81283a41004e853ec9123cdba61d26b727f | |
parent | c4fade47263c72dd3d36005109e29887cf56210d (diff) | |
download | samba-e3875621cec2b0a301be976331ade51baa087b68.tar.gz |
CVE-2015-7560: s3: smbd: Refuse to get a POSIX ACL on a symlink.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
-rw-r--r-- | source3/smbd/trans2.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index 5b008f53eb2..3fca8f2e2cc 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -5058,6 +5058,13 @@ NTSTATUS smbd_do_qfilepathinfo(connection_struct *conn, uint16 num_file_acls = 0; uint16 num_def_acls = 0; + status = refuse_symlink(conn, + fsp, + smb_fname->base_name); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + if (fsp && fsp->fh->fd != -1) { file_acl = SMB_VFS_SYS_ACL_GET_FD(fsp, talloc_tos()); |