CVE-2015-7560: s3: smbd: Refuse to get a POSIX ACL on a symlink.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
author: Jeremy Allison <jra@samba.org> 2016-01-05 11:24:36 -0800
committer: Karolin Seeger <kseeger@samba.org> 2016-02-24 11:38:52 +0100
commit: e3875621cec2b0a301be976331ade51baa087b68 (patch)
tree: 92efc81283a41004e853ec9123cdba61d26b727f
parent: c4fade47263c72dd3d36005109e29887cf56210d (diff)
download: samba-e3875621cec2b0a301be976331ade51baa087b68.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index 5b008f53eb2..3fca8f2e2cc 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -5058,6 +5058,13 @@ NTSTATUS smbd_do_qfilepathinfo(connection_struct *conn,
 				uint16 num_file_acls = 0;
 				uint16 num_def_acls = 0;
 
+				status = refuse_symlink(conn,
+						fsp,
+						smb_fname->base_name);
+				if (!NT_STATUS_IS_OK(status)) {
+					return status;
+				}
+
 				if (fsp && fsp->fh->fd != -1) {
 					file_acl = SMB_VFS_SYS_ACL_GET_FD(fsp,
 						talloc_tos());
author	Jeremy Allison <jra@samba.org>	2016-01-05 11:24:36 -0800
committer	Karolin Seeger <kseeger@samba.org>	2016-02-24 11:38:52 +0100
commit	e3875621cec2b0a301be976331ade51baa087b68 (patch)
tree	92efc81283a41004e853ec9123cdba61d26b727f
parent	c4fade47263c72dd3d36005109e29887cf56210d (diff)
download	samba-e3875621cec2b0a301be976331ade51baa087b68.tar.gz