diff options
author | Jeremy Allison <jra@samba.org> | 2009-09-28 13:26:37 +0200 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2009-09-28 13:27:43 +0200 |
commit | ac075bd679fd59e93ea13780f6651a431002edd0 (patch) | |
tree | 6f2600c94acc5dcf7dda84cd6c1f6ad9c8616df0 /source3/param/loadparm.c | |
parent | 2a422f453dd3ad9978e6ec0ac40c122163c028ed (diff) | |
download | samba-ac075bd679fd59e93ea13780f6651a431002edd0.tar.gz |
Fix for CVE-2009-2813.
===========================================================
== Subject: Misconfigured /etc/passwd file may share folders unexpectedly
==
== CVE ID#: CVE-2009-2813
==
== Versions: All versions of Samba later than 3.0.11
==
== Summary: If a user in /etc/passwd is misconfigured to have
== an empty home directory then connecting to the home
== share of this user will use the root of the filesystem
== as the home directory.
===========================================================
Diffstat (limited to 'source3/param/loadparm.c')
-rw-r--r-- | source3/param/loadparm.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 553938f974f..4fd25c15bf0 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -6091,6 +6091,11 @@ bool lp_add_home(const char *pszHomename, int iDefaultService, { int i; + if (pszHomename == NULL || user == NULL || pszHomedir == NULL || + pszHomedir[0] == '\0') { + return false; + } + i = add_a_service(ServicePtrs[iDefaultService], pszHomename); if (i < 0) @@ -8062,7 +8067,7 @@ static void lp_add_auto_services(char *str) home = get_user_home_dir(talloc_tos(), p); - if (home && homes >= 0) + if (home && home[0] && homes >= 0) lp_add_home(p, homes, p, home); TALLOC_FREE(home); |