sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-09-11 09:44:19 +03:00
Code Activity

CVE-2015-7560: s3: smbd: Refuse to get an ACL from a POSIX file handle on a symlink.

Browse Source 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
This commit is contained in:
Jeremy Allison
2016-01-05 10:38:28 -08:00
committed by Karolin Seeger
parent 76f6cf5bbf
commit fa1c482083
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
source3/smbd/nttrans.c
View File

@@ -1905,6 +1905,13 @@ NTSTATUS smbd_do_query_security_desc(connection_struct *conn,
return NT_STATUS_ACCESS_DENIED; return NT_STATUS_ACCESS_DENIED;
} }
if (S_ISLNK(fsp->fsp_name->st.st_ex_mode)) {
DEBUG(10, ("ACL get on symlink %s denied.\n",
fsp_str_dbg(fsp)));
TALLOC_FREE(frame);
return NT_STATUS_ACCESS_DENIED;
}
if (security_info_wanted & (SECINFO_DACL|SECINFO_OWNER| if (security_info_wanted & (SECINFO_DACL|SECINFO_OWNER|
SECINFO_GROUP|SECINFO_SACL)) { SECINFO_GROUP|SECINFO_SACL)) {
/* Don't return SECINFO_LABEL if anything else was /* Don't return SECINFO_LABEL if anything else was