sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-10 12:58:35 +03:00
Code

CVE-2015-7560: s3: smbd: Refuse to set a POSIX ACL on a symlink.

Browse Source 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
This commit is contained in:
Jeremy Allison 2016-01-05 11:22:12 -08:00 committed by Karolin Seeger
parent 4be4e40788
commit af2e4763bf
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
source3/smbd/trans2.c
View File

@ -6924,6 +6924,7 @@ static NTSTATUS smb_set_posix_acl(connection_struct *conn,
uint16_t num_def_acls;
bool valid_file_acls = True;
bool valid_def_acls = True;
NTSTATUS status;
if (total_data < SMB_POSIX_ACL_HEADER_SIZE) {
return NT_STATUS_INVALID_PARAMETER;
@ -6951,6 +6952,11 @@ static NTSTATUS smb_set_posix_acl(connection_struct *conn,
return NT_STATUS_INVALID_PARAMETER;
}
status = refuse_symlink(conn, fsp, smb_fname->base_name);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
DEBUG(10,("smb_set_posix_acl: file %s num_file_acls = %u, num_def_acls = %u\n",
smb_fname ? smb_fname_str_dbg(smb_fname) : fsp_str_dbg(fsp),
(unsigned int)num_file_acls,