diff options
author | Stefan Metzmacher <metze@samba.org> | 2019-07-11 17:02:15 +0200 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2019-08-27 13:16:24 +0200 |
commit | 661a7cdb0aba2c94332ff7b997023ad040aa4f7c (patch) | |
tree | 8f1d96ae3c25c2a50d0fb8e43c4e09c6bca7fe5d /selftest | |
parent | 962d4a98b50a3ce1d58ebc516e8de9335a14dfdb (diff) | |
download | samba-661a7cdb0aba2c94332ff7b997023ad040aa4f7c.tar.gz |
CVE-2019-10197: smbd: split change_to_user_impersonate() out of change_to_user_internal()
This makes sure we always call chdir_current_service() even
when we still impersonated the user. Which is important
in order to run the SMB* request within the correct working directory
and only if the user has permissions to enter that directory.
It makes sure we always update conn->lastused_count
in chdir_current_service() for each request.
Note that vfs_ChDir() (called from chdir_current_service())
maintains its own cache and avoids calling SMB_VFS_CHDIR()
if possible.
It means we still avoid syscalls if we get a multiple requests
for the same session/tcon tuple.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14035
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Diffstat (limited to 'selftest')
-rw-r--r-- | selftest/knownfail.d/CVE-2019-10197 | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/selftest/knownfail.d/CVE-2019-10197 b/selftest/knownfail.d/CVE-2019-10197 deleted file mode 100644 index f7056bbf3ad..00000000000 --- a/selftest/knownfail.d/CVE-2019-10197 +++ /dev/null @@ -1 +0,0 @@ -^samba3.blackbox.smbclient_s3.*.noperm.share.regression |