diff options
author | Jeremy Allison <jra@samba.org> | 2019-08-06 12:08:09 -0700 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2019-10-29 10:04:45 +0000 |
commit | 7ccc302b4bb9e0a9b695074959dc45e6fc4902bb (patch) | |
tree | 67bdddbd586be1bb9df355175dd008150ae40e5c /source3/libsmb | |
parent | 9f7a622b2bd4a42fad3e669e83fe07c5d7115dc6 (diff) | |
download | samba-7ccc302b4bb9e0a9b695074959dc45e6fc4902bb.tar.gz |
CVE-2019-10218 - s3: libsmb: Protect SMB2 client code from evil server returned names.
Disconnect with NT_STATUS_INVALID_NETWORK_RESPONSE if so.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14071
Signed-off-by: Jeremy Allison <jra@samba.org>
Diffstat (limited to 'source3/libsmb')
-rw-r--r-- | source3/libsmb/cli_smb2_fnum.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/source3/libsmb/cli_smb2_fnum.c b/source3/libsmb/cli_smb2_fnum.c index 15f1420dd8f..4cae87853db 100644 --- a/source3/libsmb/cli_smb2_fnum.c +++ b/source3/libsmb/cli_smb2_fnum.c @@ -1442,6 +1442,13 @@ NTSTATUS cli_smb2_list(struct cli_state *cli, goto fail; } + /* Protect against server attack. */ + status = is_bad_finfo_name(cli, finfo); + if (!NT_STATUS_IS_OK(status)) { + smbXcli_conn_disconnect(cli->conn, status); + goto fail; + } + if (dir_check_ftype((uint32_t)finfo->mode, (uint32_t)attribute)) { /* |