author | Jeremy Allison <jra@samba.org> | 2017-03-27 11:48:25 -0700 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2017-03-29 10:24:14 +0200 |
commit | 161a078f550f4c9a50a8f42e29b1f27de689362b (patch) | |
tree | 4addfa98a61c2222d9dfb250ee30f2a006929cf4 | |
parent | 4a6d828e8f230ab6578c73bba7eec06ece6f7fac (diff) | |
download | samba-161a078f550f4c9a50a8f42e29b1f27de689362b.tar.gz |
s3: Test for CVE-2017-2619 regression with "follow symlinks = no".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Back-ported from commit 782172a9bef0040981d20e49519b13dd744df6a0
-rwxr-xr-x | selftest/target/Samba3.pm | 7 | ||||
-rwxr-xr-x | source3/script/tests/test_smbclient_s3.sh | 73 |
2 files changed, 80 insertions, 0 deletions
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 619ae1eafaa..938c4595552 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -1191,6 +1191,9 @@ sub provision($$$$$$$$)
 my $shadow_shrdir="$shadow_basedir/share";
 push(@dirs,$shadow_shrdir);
+ my $nosymlinks_shrdir="$shrdir/nosymlinks";
+ push(@dirs,$nosymlinks_shrdir);
+
 # this gets autocreated by winbindd
 my $wbsockdir="$prefix_abs/winbindd";
 my $wbsockprivdir="$lockdir/winbindd_privileged";
@@ -1717,6 +1720,10 @@ sub provision($$$$$$$$)
 copy = tmp
 acl_xattr:ignore system acls = yes
 acl_xattr:default acl style = windows
+[nosymlinks]
+ copy = tmp
+ path = $nosymlinks_shrdir
+ follow symlinks = no
 [kernel_oplocks]
 copy = tmp
 kernel oplocks = yes
diff --git a/source3/script/tests/test_smbclient_s3.sh b/source3/script/tests/test_smbclient_s3.sh
index 5e3db5d365b..f13fd348fe5 100755
--- a/source3/script/tests/test_smbclient_s3.sh
+++ b/source3/script/tests/test_smbclient_s3.sh
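Review bot: In selftest/target/Samba3.pm the first hunk creates the new share root as `$shrdir/nosymlinks`, nested inside an existing share tree, and nothing on the added lines says why. If `$shrdir` is itself exported (the `copy = tmp` in the second hunk suggests it is), the symlink the test plants there is presumably also reachable through a share that does follow symlinks, and it remains after the test run. A short comment above the declaration would make the intent explicit, e.g. `# share root for the "follow symlinks = no" test; nested under $shrdir so the test can populate it locally`. provision() starts and ends outside both hunks.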
@@ -1071,6 +1071,75 @@ done
 LOGDIR=$(mktemp -d ${PREFIX}/${LOGDIR_PREFIX}_XXXXXX)
+# Test follow symlinks can't access symlinks
+test_nosymlinks()
+{
+# Setup test dirs.
+ slink_name="$LOCAL_PATH/nosymlinks/source"
+ slink_target="$LOCAL_PATH/nosymlinks/target"
+ mkdir_target="$LOCAL_PATH/nosymlinks/a"
+
+ rm -f $slink_target
+ rm -f $slink_name
+ rm -rf $mkdir_target
+
+ touch $slink_target
+ ln -s $slink_target $slink_name
+
+# Getting a file through a symlink name should fail.
+ tmpfile=$PREFIX/smbclient_interactive_prompt_commands
+ cat > $tmpfile <<EOF
+get source
+quit
+EOF
+ cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT "$@" -U$USERNAME%$PASSWORD //$SERVER/nosymlinks -I $SERVER_IP $ADDARGS < $tmpfile 2>&1'
+ eval echo "$cmd"
+ out=`eval $cmd`
+ ret=$?
+ rm -f $tmpfile
+
+ if [ $ret != 0 ] ; then
+ echo "$out"
+ echo "failed accessing nosymlinks with error $ret"
+ false
+ return
+ fi
+
+ echo "$out" | grep 'NT_STATUS_ACCESS_DENIED'
+ ret=$?
+ if [ $ret != 0 ] ; then
+ echo "$out"
+ echo "failed - should get NT_STATUS_ACCESS_DENIED getting \\nosymlinks\\source"
+ false
+ fi
+
+# But we should be able to create and delete directories.
+ cat > $tmpfile <<EOF
+mkdir a
+mkdir a\\b
+quit
+EOF
+ cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT "$@" -U$USERNAME%$PASSWORD //$SERVER/nosymlinks -I $SERVER_IP $ADDARGS < $tmpfile 2>&1'
+ eval echo "$cmd"
+ out=`eval $cmd`
+ ret=$?
+ rm -f $tmpfile
+
+ if [ $ret != 0 ] ; then
+ echo "$out"
+ echo "failed accessing nosymlinks with error $ret"
+ false
+ return
+ fi
+
+ echo "$out" | grep 'NT_STATUS'
+ ret=$?
+ if [ $ret == 0 ] ; then
+ echo "$out"
+ echo "failed - NT_STATUS_XXXX doing mkdir a; mkdir a\\b on \\nosymlinks"
+ false
+ fi
+}
 testit "smbclient -L $SERVER_IP" $SMBCLIENT -L $SERVER_IP -N -p 139 || failed=`expr $failed + 1`
 testit "smbclient -L $SERVER -I $SERVER_IP" $SMBCLIENT -L $SERVER -I $SERVER_IP -N -p 139 -c quit || failed=`expr $failed + 1`
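Review bot: In test_nosymlinks, the branch that reports a missing NT_STATUS_ACCESS_DENIED ends with `false` but no `return`, so execution continues into the mkdir section and the function's exit status is decided by the final `if`. When the mkdir checks pass, the function returns 0 and testit records success even though the file behind the symlink was readable, which is exactly the condition this test exists to catch. Replace `false` with `return 1` in that branch (and in the last branch too, for consistency). Separately, `[ $ret == 0 ]` uses the non-POSIX `==` inside `[`; `[ $ret -eq 0 ]` is portable if the script may run under a plain sh, which cannot be confirmed here because the interpreter line is outside the hunk.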
@@ -1155,6 +1224,10 @@ testit "Ensure widelinks are restricted" \
 test_widelinks || \
 failed=`expr $failed + 1`
+testit "follow symlinks = no" \
+ test_nosymlinks || \
+ failed=`expr $failed + 1`
+
 testit "rm -rf $LOGDIR" \
 rm -rf $LOGDIR || \
 failed=`expr $failed + 1` |