sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-12 09:18:10 +03:00
Code

CVE-2015-7560: s3: smbd: Refuse to set an ACL from a POSIX file handle on a symlink.

Browse Source 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
This commit is contained in:
Jeremy Allison 2016-01-05 10:52:50 -08:00 committed by Stefan Metzmacher
parent 306a7f39ad
commit 9ee4ddd366
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
source3/smbd/nttrans.c
View File

@ -893,6 +893,12 @@ NTSTATUS set_sd(files_struct *fsp, struct security_descriptor *psd,
return NT_STATUS_OK;
}
if (S_ISLNK(fsp->fsp_name->st.st_ex_mode)) {
DEBUG(10, ("ACL set on symlink %s denied.\n",
fsp_str_dbg(fsp)));
return NT_STATUS_ACCESS_DENIED;
}
if (psd->owner_sid == NULL) {
security_info_sent &= ~SECINFO_OWNER;
}