sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-12 09:18:10 +03:00
Code

CVE-2017-2619: s3/smbd: re-open directory after dptr_CloseDir()

Browse Source 
dptr_CloseDir() will close and invalidate the fsp's file descriptor, we
have to reopen it.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12496

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
This commit is contained in:
Ralph Boehme 2017-03-19 15:58:17 +01:00 committed by Karolin Seeger
parent 1e0df575bc
commit 47b6b6f8f5
1 changed files with 17 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
source3/smbd/smb2_query_directory.c
View File

@ -24,6 +24,7 @@
#include "../libcli/smb/smb_common.h"
#include "trans2.h"
#include "../lib/util/tevent_ntstatus.h"
#include "system/filesys.h"
static struct tevent_req *smbd_smb2_query_directory_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
@ -322,7 +323,23 @@ static struct tevent_req *smbd_smb2_query_directory_send(TALLOC_CTX *mem_ctx,
}
if (in_flags & SMB2_CONTINUE_FLAG_REOPEN) {
int flags;
dptr_CloseDir(fsp);
/*
* dptr_CloseDir() will close and invalidate the fsp's file
* descriptor, we have to reopen it.
*/
flags = O_RDONLY;
#ifdef O_DIRECTORY
flags |= O_DIRECTORY;
#endif
status = fd_open(conn, fsp, flags, 0);
if (tevent_req_nterror(req, status)) {
return tevent_req_post(req, ev);
}
}
if (!smbreq->posix_pathnames) {