From c4fade47263c72dd3d36005109e29887cf56210d Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Tue, 5 Jan 2016 11:22:12 -0800
Subject: CVE-2015-7560: s3: smbd: Refuse to set a POSIX ACL on a symlink.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
---
 source3/smbd/trans2.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index 7de4f0560f3..5b008f53eb2 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -6567,6 +6567,7 @@ static NTSTATUS smb_set_posix_acl(connection_struct *conn,
 	uint16 num_def_acls;
 	bool valid_file_acls = True;
 	bool valid_def_acls = True;
+	NTSTATUS status;
 
 	if (total_data < SMB_POSIX_ACL_HEADER_SIZE) {
 		return NT_STATUS_INVALID_PARAMETER;
@@ -6594,6 +6595,11 @@ static NTSTATUS smb_set_posix_acl(connection_struct *conn,
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
+	status = refuse_symlink(conn, fsp, smb_fname->base_name);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
 	DEBUG(10,("smb_set_posix_acl: file %s num_file_acls = %u, num_def_acls = %u\n",
 		smb_fname ? smb_fname_str_dbg(smb_fname) : fsp_str_dbg(fsp),
 		(unsigned int)num_file_acls,
-- 
cgit v1.2.1