diff options
author | Jeremy Allison <jra@samba.org> | 2017-03-27 22:10:29 -0700 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2017-03-29 13:57:56 +0200 |
commit | 0839f6c6f4005f217475c70ba60b75bbd72e608e (patch) | |
tree | 2287d4d5cfabc2f86168cd3bc950d7be89efc221 | |
parent | ed694d068081d4849e558fabc0c42085c64ee3b5 (diff) | |
download | samba-0839f6c6f4005f217475c70ba60b75bbd72e608e.tar.gz |
s3: Test for CVE-2017-2619 regression with "follow symlinks = no" - part 2
Add tests for regular access.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Mar 28 17:05:27 CEST 2017 on sn-devel-144
(cherry picked from commit 4e734fcd1bf82c08aa303ce44e9735acccffcf06)
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Wed Mar 29 13:57:56 CEST 2017 on sn-devel-144
-rwxr-xr-x | source3/script/tests/test_smbclient_s3.sh | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/source3/script/tests/test_smbclient_s3.sh b/source3/script/tests/test_smbclient_s3.sh index bf55d0207d6..0694e1b1d98 100755 --- a/source3/script/tests/test_smbclient_s3.sh +++ b/source3/script/tests/test_smbclient_s3.sh @@ -1078,14 +1078,22 @@ test_nosymlinks() slink_name="$LOCAL_PATH/nosymlinks/source" slink_target="$LOCAL_PATH/nosymlinks/target" mkdir_target="$LOCAL_PATH/nosymlinks/a" + dir1="$LOCAL_PATH/nosymlinks/foo" + dir2="$LOCAL_PATH/nosymlinks/foo/bar" + get_target="$LOCAL_PATH/nosymlinks/foo/bar/testfile" rm -f $slink_target rm -f $slink_name rm -rf $mkdir_target + rm -rf $dir1 touch $slink_target ln -s $slink_target $slink_name + mkdir $dir1 + mkdir $dir2 + touch $get_target + # Getting a file through a symlink name should fail. tmpfile=$PREFIX/smbclient_interactive_prompt_commands cat > $tmpfile <<EOF @@ -1140,6 +1148,35 @@ EOF echo "failed - NT_STATUS_XXXX doing mkdir a; mkdir a\\b on \\nosymlinks" false fi + +# Ensure regular file/directory access also works. + cat > $tmpfile <<EOF +cd foo\\bar +ls +get testfile - +quit +EOF + cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT "$@" -U$USERNAME%$PASSWORD //$SERVER/nosymlinks -I $SERVER_IP $ADDARGS < $tmpfile 2>&1' + eval echo "$cmd" + out=`eval $cmd` + ret=$? + rm -f $tmpfile + + if [ $ret -ne 0 ] ; then + echo "$out" + echo "failed accessing nosymlinks with error $ret" + false + return + fi + + echo "$out" | grep 'NT_STATUS' + ret=$? + if [ $ret -eq 0 ] ; then + echo "$out" + echo "failed - NT_STATUS_XXXX doing cd foo\\bar; get testfile on \\nosymlinks" + false + return + fi } testit "smbclient -L $SERVER_IP" $SMBCLIENT -L $SERVER_IP -N -p 139 || failed=`expr $failed + 1` |