diff options
author | Jeremy Allison <jra@samba.org> | 2016-12-19 12:13:20 -0800 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2017-03-22 10:48:05 +0100 |
commit | 5e75a5289c1a6bbb72ce6d82a6cf12e8ad2b5b24 (patch) | |
tree | 8858fdff811a5fd165223cc0901921d1e739b9cf | |
parent | 3e2bb3fcacf7e1eea9edb26f8eb38dc447cb5f6b (diff) | |
download | samba-5e75a5289c1a6bbb72ce6d82a6cf12e8ad2b5b24.tar.gz |
CVE-2017-2619: s3: smbd: OpenDir_fsp() use early returns.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
-rw-r--r-- | source3/smbd/dir.c | 34 |
1 files changed, 21 insertions, 13 deletions
diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c index 2b107a9b69b..12edf80ee02 100644 --- a/source3/smbd/dir.c +++ b/source3/smbd/dir.c @@ -1761,7 +1761,17 @@ static struct smb_Dir *OpenDir_fsp(TALLOC_CTX *mem_ctx, connection_struct *conn, struct smbd_server_connection *sconn = conn->sconn; if (!dirp) { - return NULL; + goto fail; + } + + if (!fsp->is_directory) { + errno = EBADF; + goto fail; + } + + if (fsp->fh->fd == -1) { + errno = EBADF; + goto fail; } dirp->conn = conn; @@ -1778,18 +1788,16 @@ static struct smb_Dir *OpenDir_fsp(TALLOC_CTX *mem_ctx, connection_struct *conn, } talloc_set_destructor(dirp, smb_Dir_destructor); - if (fsp->is_directory && fsp->fh->fd != -1) { - dirp->dir = SMB_VFS_FDOPENDIR(fsp, mask, attr); - if (dirp->dir != NULL) { - dirp->fsp = fsp; - } else { - DEBUG(10,("OpenDir_fsp: SMB_VFS_FDOPENDIR on %s returned " - "NULL (%s)\n", - dirp->dir_smb_fname->base_name, - strerror(errno))); - if (errno != ENOSYS) { - return NULL; - } + dirp->dir = SMB_VFS_FDOPENDIR(fsp, mask, attr); + if (dirp->dir != NULL) { + dirp->fsp = fsp; + } else { + DEBUG(10,("OpenDir_fsp: SMB_VFS_FDOPENDIR on %s returned " + "NULL (%s)\n", + dirp->dir_smb_fname->base_name, + strerror(errno))); + if (errno != ENOSYS) { + return NULL; } } |