diff options
author | Jeremy Allison <jra@samba.org> | 2017-03-27 10:46:47 -0700 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2017-03-29 10:24:14 +0200 |
commit | 4a6d828e8f230ab6578c73bba7eec06ece6f7fac (patch) | |
tree | c77e1d005d8836dfb9509be81608eef16da86890 | |
parent | 2e00feb278e174fd28d003c4d5a576f91c0bd7d0 (diff) | |
download | samba-4a6d828e8f230ab6578c73bba7eec06ece6f7fac.tar.gz |
s3: smbd: Fix incorrect logic exposed by fix for the security bug 12496 (CVE-2017-2619).
In a UNIX filesystem, the names "." and ".." by definition can *never*
be symlinks - they are already reserved names.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit ae17bebd250bdde5614b2ac17e53512f19fe9b68)
-rw-r--r-- | source3/smbd/vfs.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c index 93726bd0f67..c358f78408f 100644 --- a/source3/smbd/vfs.c +++ b/source3/smbd/vfs.c @@ -1277,8 +1277,11 @@ NTSTATUS check_reduced_name(connection_struct *conn, const char *fname) /* fname can't have changed in resolved_path. */ const char *p = &resolved_name[rootdir_len]; - /* *p can be '\0' if fname was "." */ - if (*p == '\0' && ISDOT(fname)) { + /* + * UNIX filesystem semantics, names consisting + * only of "." or ".." CANNOT be symlinks. + */ + if (ISDOT(fname) || ISDOTDOT(fname)) { goto out; } |