diff options
author | Andrew Bartlett <abartlet@samba.org> | 2019-03-21 17:24:14 +1300 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2019-04-05 09:48:18 +0200 |
commit | c92ac5ada094a2f3f10f15b65d6ba5c771261acd (patch) | |
tree | 9b408a58328f409c3bba49ea9c62a1388c7a58df /source3/smbd | |
parent | 30db48655f7aae97586d9143b0c0e00308392115 (diff) | |
download | samba-c92ac5ada094a2f3f10f15b65d6ba5c771261acd.tar.gz |
CVE-2019-3870 pysmbd: Ensure a zero umask is set for smbd.mkdir()
mkdir() is the other call that requires a umask of 0 in Samba.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Diffstat (limited to 'source3/smbd')
-rw-r--r-- | source3/smbd/pysmbd.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/source3/smbd/pysmbd.c b/source3/smbd/pysmbd.c index 179a1ee2943..845ea25f936 100644 --- a/source3/smbd/pysmbd.c +++ b/source3/smbd/pysmbd.c @@ -739,6 +739,8 @@ static PyObject *py_smbd_mkdir(PyObject *self, PyObject *args, PyObject *kwargs) TALLOC_CTX *frame = talloc_stackframe(); struct connection_struct *conn = NULL; struct smb_filename *smb_fname = NULL; + int ret; + mode_t saved_umask; if (!PyArg_ParseTupleAndKeywords(args, kwargs, @@ -769,8 +771,15 @@ static PyObject *py_smbd_mkdir(PyObject *self, PyObject *args, PyObject *kwargs) return NULL; } + /* we want total control over the permissions on created files, + so set our umask to 0 */ + saved_umask = umask(0); + + ret = SMB_VFS_MKDIR(conn, smb_fname, 00755); - if (SMB_VFS_MKDIR(conn, smb_fname, 00755) == -1) { + umask(saved_umask); + + if (ret == -1) { DBG_ERR("mkdir error=%d (%s)\n", errno, strerror(errno)); TALLOC_FREE(frame); return NULL; |