s3: smbd: Fix incorrect logic exposed by fix for the security bug 12496 (CVE-2017-2619).

In a UNIX filesystem, the names "." and ".." by definition can *never* be symlinks - they are already reserved names. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org> (cherry picked from commit ae17bebd250bdde5614b2ac17e53512f19fe9b68)
author: Jeremy Allison <jra@samba.org> 2017-03-27 10:46:47 -0700
committer: Karolin Seeger <kseeger@samba.org> 2017-03-31 08:18:29 +0200
commit: aff09ec04e172ae11eaa29b16ec42c52d9596d92 (patch)
tree: 518f6500412ced2d180fd6848738e3770ed489e7
parent: 452d0dd843578c5a53b5a5f0aa95bbf6283edf2b (diff)
download: samba-aff09ec04e172ae11eaa29b16ec42c52d9596d92.tar.gz
1 files changed, 5 insertions, 2 deletions
diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c
index 93726bd0f67..c358f78408f 100644
--- a/source3/smbd/vfs.c
+++ b/source3/smbd/vfs.c
@@ -1277,8 +1277,11 @@ NTSTATUS check_reduced_name(connection_struct *conn, const char *fname)
 			/* fname can't have changed in resolved_path. */
 			const char *p = &resolved_name[rootdir_len];
 
-			/* *p can be '\0' if fname was "." */
-			if (*p == '\0' && ISDOT(fname)) {
+			/*
+			 * UNIX filesystem semantics, names consisting
+			 * only of "." or ".." CANNOT be symlinks.
+			 */
+			if (ISDOT(fname) || ISDOTDOT(fname)) {
 				goto out;
 			}
author	Jeremy Allison <jra@samba.org>	2017-03-27 10:46:47 -0700
committer	Karolin Seeger <kseeger@samba.org>	2017-03-31 08:18:29 +0200
commit	aff09ec04e172ae11eaa29b16ec42c52d9596d92 (patch)
tree	518f6500412ced2d180fd6848738e3770ed489e7
parent	452d0dd843578c5a53b5a5f0aa95bbf6283edf2b (diff)
download	samba-aff09ec04e172ae11eaa29b16ec42c52d9596d92.tar.gz