diff options
author | Jeremy Allison <jra@samba.org> | 2016-12-15 13:06:31 -0800 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2017-03-22 10:48:06 +0100 |
commit | 3bae1508a10689a688b30676bc108f449bc68ddc (patch) | |
tree | 0f035677ff770a67b5e1e467f92b326a853d73d1 | |
parent | 444d49b6b6d3112c482952dd27d65b39128351ad (diff) | |
download | samba-3bae1508a10689a688b30676bc108f449bc68ddc.tar.gz |
CVE-2017-2619: s3: smbd: Use the new non_widelink_open() function.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
-rw-r--r-- | source3/smbd/open.c | 23 |
1 files changed, 22 insertions, 1 deletions
diff --git a/source3/smbd/open.c b/source3/smbd/open.c index d628d0be0d7..006be91f09e 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -638,7 +638,28 @@ NTSTATUS fd_open(struct connection_struct *conn, flags |= O_NOFOLLOW; } - fsp->fh->fd = SMB_VFS_OPEN(conn, smb_fname, fsp, flags, mode); + /* Ensure path is below share definition. */ + if (!lp_widelinks(SNUM(conn))) { + const char *conn_rootdir = SMB_VFS_CONNECTPATH(conn, + smb_fname->base_name); + if (conn_rootdir == NULL) { + return NT_STATUS_NO_MEMORY; + } + /* + * Only follow symlinks within a share + * definition. + */ + fsp->fh->fd = non_widelink_open(conn, + conn_rootdir, + fsp, + smb_fname, + flags, + mode, + 0); + } else { + fsp->fh->fd = SMB_VFS_OPEN(conn, smb_fname, fsp, flags, mode); + } + if (fsp->fh->fd == -1) { int posix_errno = link_errno_convert(errno); status = map_nt_error_from_unix(posix_errno); |