mirror of https://github.com/samba-team/samba.git synced 2025-01-12 09:18:10 +03:00
samba-mirror/python/samba/tests
Douglas Bagnall 37406b9d97 CVE-2007-4559 python: ensure sanity in our tarfiles
Python's tarfile module is not very careful about paths that step out
of the target directory. We can be a bit better at little cost.

This was reported in 2007[1], and has recently been publicised [2, for
example].

We were informed of this bug in December 2021 by Luis Alberto López
Alvar, but decided then that there were no circumstances under which
this was a security concern. That is, if you can alter the backup
files, you can already do worse things. But there is a case to guard
against an administrator being tricked into trying to restore a file
that isn't based on a real backup.

[1] https://nvd.nist.gov/vuln/detail/CVE-2007-4559
[2] https://www.theregister.com/2022/09/22/python_vulnerability_tarfile/

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15185

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Oct  4 03:48:43 UTC 2022 on sn-devel-184
2022-10-04 03:48:43 +00:00
bin gpo: Remove sscep depends from Cert Auto Enroll 2022-05-13 14:46:29 +00:00
blackbox pytest/samba_dnsupdate: fix using samba-tool function 2022-09-08 22:34:36 +00:00
dcerpc CVE-2021-23192: python/tests/dcerpc: add tests to check how security contexts relate to fragmented requests 2021-11-09 19:45:34 +00:00
dns_forwarder_helpers libcli/dns.c: dns forwarder port test changes 2021-09-28 09:44:35 +00:00
emulate python compat: remove StringIO 2020-08-11 16:37:35 +00:00
kcc pytests: heed assertEquals deprecation warning en-masse 2020-02-07 10:37:37 +00:00
krb5 CVE-2021-20251 tests/krb5: Add tests for password lockout race 2022-09-12 23:07:37 +00:00
samba_tool samba-tool dsacl: Add additional unit test for delete subcommand 2022-09-27 17:46:22 +00:00
__init__.py pytests: remove backwards compat workaround for python 2.6 2022-09-16 05:46:36 +00:00
audit_log_base.py python: remove all 'from __future__ import print_function' 2021-04-28 03:43:34 +00:00
audit_log_dsdb.py python: remove all 'from __future__ import print_function' 2021-04-28 03:43:34 +00:00
audit_log_pass_change.py python: remove all 'from __future__ import print_function' 2021-04-28 03:43:34 +00:00
auth_log_base.py python: remove all 'from __future__ import print_function' 2021-04-28 03:43:34 +00:00
auth_log_ncalrpc.py pytests: heed assertEquals deprecation warning en-masse 2020-02-07 10:37:37 +00:00
auth_log_netlogon_bad_creds.py python2 reduction: Merge remaining compat code into common 2020-10-02 14:49:36 +00:00
auth_log_netlogon.py python compat: remove text_type 2020-08-11 16:37:35 +00:00
auth_log_pass_change.py selftest: Remove auth_log test for RAP password change 2022-03-17 01:57:38 +00:00
auth_log_samlogon.py python compat: remove text_type 2020-08-11 16:37:35 +00:00
auth_log_winbind.py python2 reduction: Merge remaining compat code into common 2020-10-02 14:49:36 +00:00
auth_log.py pytest:auth_log: expect TLS connections when using ldaps 2022-01-26 11:44:32 +00:00
auth.py PEP8: fix E302: expected 2 blank lines, found 1 2018-08-24 07:49:29 +02:00
common.py python: Move dsdb_Dn to samdb 2020-10-02 13:29:35 +00:00
complex_expressions.py python: remove all 'from __future__ import print_function' 2021-04-28 03:43:34 +00:00
core.py pytests: heed assertEquals deprecation warning en-masse 2020-02-07 10:37:37 +00:00
cred_opt.py samba-tool: Use authentication file to pass credentials 2022-10-04 02:48:37 +00:00
credentials.py Revert "cli_credentials_parse_string: fix parsing of principals" 2020-11-05 06:30:31 +00:00
dckeytab.py python: wrap 'import dckeytab' in an explanatory function 2020-07-17 07:17:40 +00:00
dns_aging.py pytest/dns_aging: remove duplicate tests 2021-11-22 10:28:34 +00:00
dns_base.py pytest:dns_base: make_txt_update can set arbitrary TTL 2021-06-11 08:38:34 +00:00
dns_forwarder.py libcli/dns.c: dns forwarder port test changes 2021-09-28 09:44:35 +00:00
dns_invalid.py python/tests/dns*: remove unused imports 2018-10-25 21:45:54 +02:00
dns_packet.py CVE-2020-14303 Ensure an empty packet will not DoS the NBT server 2020-07-02 09:01:41 +00:00
dns_tkey.py python: Fix usage strings 2021-09-04 00:10:37 +00:00
dns_wildcard.py pytests/dns: use dnsserver.record_from_string 2021-04-08 21:54:35 +00:00
dns.py samba-tool dns: move dns_record_match to dnsserver.py 2021-06-02 03:56:36 +00:00
docs.py pytest/docs: better spelling of set_smbconf_arbitrary 2021-11-22 11:18:09 +00:00
domain_backup_offline.py CVE-2007-4559 python: ensure sanity in our tarfiles 2022-10-04 03:48:43 +00:00
domain_backup.py CVE-2007-4559 python: ensure sanity in our tarfiles 2022-10-04 03:48:43 +00:00
dsdb_api.py pydsdb: Add API to return strings of known UF_ flags 2021-09-02 05:03:31 +00:00
dsdb_dns.py pydns: expose dns timestamp utils to python, and test 2021-03-29 23:20:37 +00:00
dsdb_lock.py PEP8: fix E303: too many blank lines (2) 2018-08-24 07:49:30 +02:00
dsdb_schema_attributes.py selftest: Add prefix to new schema attributes to avoid flapping dsdb_schema_attributes 2021-09-06 02:32:51 +00:00
dsdb.py ridalloc: Don't skip the first RID of a pool 2021-06-11 07:41:38 +00:00
encrypted_secrets.py pytests: heed assertEquals deprecation warning en-masse 2020-02-07 10:37:37 +00:00
gensec.py python/tests/gensec: add spnego downgrade python tests 2019-10-12 14:33:33 +00:00
get_opt.py python: Streamline option parser of python tools 2021-06-20 23:26:32 +00:00
getdcname.py selftest: Improve an error message 2019-01-11 06:01:01 +01:00
glue.py pyglue: add float2nttime() and nttime2float() 2021-03-01 03:50:35 +00:00
gpo_member.py gpo: Move Group Policy code below gp directory 2022-05-31 20:15:45 +00:00
gpo.py gpo: Move Group Policy code below gp directory 2022-05-31 20:15:45 +00:00
graph.py python: remove all 'from __future__ import print_function' 2021-04-28 03:43:34 +00:00
group_audit.py python: remove all 'from __future__ import print_function' 2021-04-28 03:43:34 +00:00
hostconfig.py pytests: heed assertEquals deprecation warning en-masse 2020-02-07 10:37:37 +00:00
imports.py python: Test samdb import 2021-03-10 21:43:34 +00:00
join.py pytest/join: use TestCaseInTempDir.rm_files/dirs 2022-09-06 21:12:36 +00:00
krb5_credentials.py python tests: fix format() strings for Python 2.6 2018-09-21 20:04:23 +02:00
ldap_raw.py s4 cldap server tests: request size limit tests 2020-05-10 21:45:38 +00:00
ldap_referrals.py python: remove all 'from __future__ import print_function' 2021-04-28 03:43:34 +00:00
ldap_spn.py CVE-2022-0336: pytest: Add a test for an SPN conflict with a re-added SPN 2022-01-31 15:27:37 +00:00
ldap_upn_sam_account.py CVE-2020-25722 pytest: test sAMAccountName/userPrincipalName over ldap 2021-11-09 19:45:33 +00:00
libsmb.py pylibsmb: Add create_ex() 2022-09-02 13:31:38 +00:00
loadparm.py PEP8: fix E302: expected 2 blank lines, found 1 2018-08-24 07:49:29 +02:00
logfiles.py tests: adapt logging test for s3. 2022-06-17 01:28:30 +00:00
lsa_string.py python/tests/lsa_string: remove duplicate method 2018-10-25 21:45:59 +02:00
messaging.py python compat: remove integer_types 2020-08-11 16:37:35 +00:00
ndr.py selftest: Add test of NDR marshalling from python, starting with wbint 2021-06-02 03:56:36 +00:00
net_join_no_spnego.py PEP8: fix E302: expected 2 blank lines, found 1 2018-08-24 07:49:29 +02:00
net_join.py PEP8: fix E302: expected 2 blank lines, found 1 2018-08-24 07:49:29 +02:00
netbios.py pytests: move ValidNetbiosNameTests to samba.tests.netbios 2022-09-06 21:12:36 +00:00
netcmd.py pytest/netcmd: fix for new samba-tool api 2022-09-08 22:34:36 +00:00
netlogonsvc.py PEP8: fix E302: expected 2 blank lines, found 1 2018-08-24 07:49:29 +02:00
ntacls_backup.py netcmd: Fix opening SamDB database for offline backup 2021-03-24 02:08:54 +00:00
ntacls.py pytests: heed assertEquals deprecation warning en-masse 2020-02-07 10:37:37 +00:00
ntlm_auth_base.py selftest: Add a new base class for ntlm_auth tests 2018-12-19 12:42:09 +01:00
ntlm_auth_krb5.py tests/ntlm_auth: Port ntlm_auth_krb5 tests to python 2018-12-19 12:42:14 +01:00
ntlm_auth.py ntlm_auth: Adapt --diagnostics mode to expect that the DC does not support LANMAN by default 2022-03-17 01:57:38 +00:00
ntlmdisabled.py python/tests/*: remove unused imports 2018-10-25 21:45:54 +02:00
pam_winbind_chauthtok.py tests/pam_winbind.py: allow upn names to be used in USERNAME with an empty DOMAIN value 2019-09-24 18:30:37 +00:00
pam_winbind_setcred.py selftest: Add a test for PamLogOff 2022-04-08 20:13:37 +00:00
pam_winbind_warn_pwd_expire.py tests/pam_winbind.py: allow upn names to be used in USERNAME with an empty DOMAIN value 2019-09-24 18:30:37 +00:00
pam_winbind.py tests/pam_winbind.py: allow upn names to be used in USERNAME with an empty DOMAIN value 2019-09-24 18:30:37 +00:00
param.py selftest: use 10.53.57.0/8 instead of 127.0.0.1/8 2020-03-27 09:02:38 +00:00
password_hash_fl2003.py pytests: heed assertEquals deprecation warning en-masse 2020-02-07 10:37:37 +00:00
password_hash_fl2008.py pytests: heed assertEquals deprecation warning en-masse 2020-02-07 10:37:37 +00:00
password_hash_gpgme.py pytests: heed assertEquals deprecation warning en-masse 2020-02-07 10:37:37 +00:00
password_hash_ldap.py python compat: remove text_type 2020-08-11 16:37:35 +00:00
password_hash.py python compat: remove text_type 2020-08-11 16:37:35 +00:00
password_quality.py python/tests: remove unused imports 2018-10-25 21:45:54 +02:00
password_test.py python/tests/*: remove unused imports 2018-10-25 21:45:54 +02:00
policy.py pytests: heed assertEquals deprecation warning en-masse 2020-02-07 10:37:37 +00:00
posixacl.py pytest: posixacl getntacl should raise OSError 2022-09-07 05:01:37 +00:00
prefork_restart.py python: remove all 'from __future__ import print_function' 2021-04-28 03:43:34 +00:00
process_limits.py python: remove all 'from __future__ import print_function' 2021-04-28 03:43:34 +00:00
provision.py provision: Remove final code for the LDAP backend 2020-04-23 06:12:20 +00:00
pso.py python tests: fix format() strings for Python 2.6 2018-09-21 20:04:23 +02:00
py_credentials.py CVE-2022-32743 tests/py_credentials: Add tests for setting dNSHostName with LogonGetDomainInfo() 2022-07-28 22:47:37 +00:00
registry.py pytests: heed assertEquals deprecation warning en-masse 2020-02-07 10:37:37 +00:00
s3_net_join.py pytest: s3_net_join: avoid name clash 2021-10-20 12:02:33 +00:00
s3idmapdb.py pytests: heed assertEquals deprecation warning en-masse 2020-02-07 10:37:37 +00:00
s3param.py pytests: heed assertEquals deprecation warning en-masse 2020-02-07 10:37:37 +00:00
s3passdb.py pytests: heed assertEquals deprecation warning en-masse 2020-02-07 10:37:37 +00:00
s3registry.py pytests: heed assertEquals deprecation warning en-masse 2020-02-07 10:37:37 +00:00
s3windb.py pytests: heed assertEquals deprecation warning en-masse 2020-02-07 10:37:37 +00:00
safe_tarfile.py CVE-2007-4559 python: ensure sanity in our tarfiles 2022-10-04 03:48:43 +00:00
samba3sam.py python: remove all 'from __future__ import print_function' 2021-04-28 03:43:34 +00:00
samba_upgradedns_lmdb.py test upgradedns: ensure lmdb lock files linked 2019-12-20 07:35:41 +00:00
samdb_api.py pytest/samdb_api: use TestCaseInTempDir.rm_files 2022-09-06 21:12:36 +00:00
samdb.py pytest/samdb: use TestCaseInTempDir.rm_files/.rm_dirs 2022-09-06 21:12:36 +00:00
sddl.py libcli: Fix parsing access flags from multiple tables 2021-04-21 00:04:36 +00:00
security.py python security: Add unit tests for comparing ACEs and exporting as SDDL 2022-09-27 16:46:35 +00:00
segfault.py pytest/segfault: abort for generate_random_bytes(-1) 2022-08-26 07:59:32 +00:00
sid_strings.py python:tests: Allocate OID range for testing to avoid collisions 2022-08-25 13:55:47 +00:00
smb3unix.py tests: Test basic handling of SMB2_CREATE_TAG_POSIX 2022-09-02 14:31:25 +00:00
smb-notify.py spelling: connnect encrytion exisit expection explicit invalide missmatch paramater paramter partion privilige relase reponse seperate unkown verson authencication progagated 2022-06-10 18:12:33 +00:00
smb.py pytests: heed assertEquals deprecation warning en-masse 2020-02-07 10:37:37 +00:00
smbconf.py lib/smbconf: expose smbconf error codes to python wrapper 2022-06-08 13:13:10 +00:00
smbd_base.py CVE-2019-3870 pysmbd: Include tests to show the outside umask has no impact 2019-04-08 10:27:34 +00:00
smbd_fuzztest.py python: tests. Add test for fuzzing smbd crash bug. 2019-12-04 20:02:40 +00:00
source_chars.py HEIMDAL: move code from source4/heimdal* to third_party/heimdal* 2022-01-19 21:41:59 +00:00
source.py python/tests/krb5: modify rfc4120.asn1 in order to generate pyasn1 code 2020-03-27 18:17:35 +00:00
strings.py pytests: heed assertEquals deprecation warning en-masse 2020-02-07 10:37:37 +00:00
subunitrun.py pytests/subunitrun: not usefully executable 2019-07-02 04:21:36 +00:00
tdb_util.py
test_pam_winbind_chauthtok.sh python: Reformat shell scripts 2022-03-03 00:59:34 +00:00
test_pam_winbind_setcred.sh selftest: Add a test for PamLogOff 2022-04-08 20:13:37 +00:00
test_pam_winbind_warn_pwd_expire.sh python: Reformat shell scripts 2022-03-03 00:59:34 +00:00
test_pam_winbind.sh python: Reformat shell scripts 2022-03-03 00:59:34 +00:00
upgrade.py pytests: heed assertEquals deprecation warning en-masse 2020-02-07 10:37:37 +00:00
upgradeprovision.py pytests: heed assertEquals deprecation warning en-masse 2020-02-07 10:37:37 +00:00
upgradeprovisionneeddc.py pytests: heed assertEquals deprecation warning en-masse 2020-02-07 10:37:37 +00:00
usage.py CVE-2021-20251 tests/krb5: Add tests for password lockout race 2022-09-12 23:07:37 +00:00
xattr.py pytests: heed assertEquals deprecation warning en-masse 2020-02-07 10:37:37 +00:00