sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-26 21:57:41 +03:00
Code

CVE-2015-7560: s3: smbd: Refuse to get an ACL from a POSIX file handle on a symlink.

Browse Source 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
This commit is contained in:
Jeremy Allison 2016-01-05 10:38:28 -08:00 committed by Stefan Metzmacher
parent b551cd83ef
commit 306a7f39ad
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
source3/smbd/nttrans.c
View File

@ -1960,6 +1960,13 @@ NTSTATUS smbd_do_query_security_desc(connection_struct *conn,
return NT_STATUS_ACCESS_DENIED;
}
if (S_ISLNK(fsp->fsp_name->st.st_ex_mode)) {
DEBUG(10, ("ACL get on symlink %s denied.\n",
fsp_str_dbg(fsp)));
TALLOC_FREE(frame);
return NT_STATUS_ACCESS_DENIED;
}
if (security_info_wanted & (SECINFO_DACL|SECINFO_OWNER|
SECINFO_GROUP|SECINFO_SACL)) {
/* Don't return SECINFO_LABEL if anything else was