Fix for CVE-2009-2813.

=========================================================== == Subject: Misconfigured /etc/passwd file may share folders unexpectedly == == CVE ID#: CVE-2009-2813 == == Versions: All versions of Samba later than 3.0.11 == == Summary: If a user in /etc/passwd is misconfigured to have == an empty home directory then connecting to the home == share of this user will use the root of the filesystem == as the home directory. ===========================================================
author: Jeremy Allison <jra@samba.org> 2009-09-28 13:26:37 +0200
committer: Karolin Seeger <kseeger@samba.org> 2009-09-28 13:27:43 +0200
commit: ac075bd679fd59e93ea13780f6651a431002edd0 (patch)
tree: 6f2600c94acc5dcf7dda84cd6c1f6ad9c8616df0 /source3/param/loadparm.c
parent: 2a422f453dd3ad9978e6ec0ac40c122163c028ed (diff)
download: samba-ac075bd679fd59e93ea13780f6651a431002edd0.tar.gz
1 files changed, 6 insertions, 1 deletions
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 553938f974f..4fd25c15bf0 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -6091,6 +6091,11 @@ bool lp_add_home(const char *pszHomename, int iDefaultService,
 {
 	int i;
 
+	if (pszHomename == NULL || user == NULL || pszHomedir == NULL ||
+			pszHomedir[0] == '\0') {
+		return false;
+	}
+
 	i = add_a_service(ServicePtrs[iDefaultService], pszHomename);
 
 	if (i < 0)
@@ -8062,7 +8067,7 @@ static void lp_add_auto_services(char *str)
 
 		home = get_user_home_dir(talloc_tos(), p);
 
-		if (home && homes >= 0)
+		if (home && home[0] && homes >= 0)
 			lp_add_home(p, homes, p, home);
 
 		TALLOC_FREE(home);
author	Jeremy Allison <jra@samba.org>	2009-09-28 13:26:37 +0200
committer	Karolin Seeger <kseeger@samba.org>	2009-09-28 13:27:43 +0200
commit	ac075bd679fd59e93ea13780f6651a431002edd0 (patch)
tree	6f2600c94acc5dcf7dda84cd6c1f6ad9c8616df0 /source3/param/loadparm.c
parent	2a422f453dd3ad9978e6ec0ac40c122163c028ed (diff)
download	samba-ac075bd679fd59e93ea13780f6651a431002edd0.tar.gz