diff options
author | Jeremy Allison <jra@samba.org> | 2016-01-05 11:18:12 -0800 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2016-02-24 11:38:52 +0100 |
commit | 24f3cb04abc4db573adc1f2d69d7539a0233d673 (patch) | |
tree | bdcb6efe7e258974c06bf70570013c7146de23ca | |
parent | eba93d6c0b0de1770266bfa14c419864777c7887 (diff) | |
download | samba-24f3cb04abc4db573adc1f2d69d7539a0233d673.tar.gz |
CVE-2015-7560: s3: smbd: Add refuse_symlink() function that can be used to prevent operations on a symlink.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
-rw-r--r-- | source3/smbd/trans2.c | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index b6109b2d07a..7de4f0560f3 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -53,6 +53,34 @@ static char *store_file_unix_basic_info2(connection_struct *conn, files_struct *fsp, const SMB_STRUCT_STAT *psbuf); +/**************************************************************************** + Check if an open file handle or pathname is a symlink. +****************************************************************************/ + +static NTSTATUS refuse_symlink(connection_struct *conn, + const files_struct *fsp, + const char *name) +{ + SMB_STRUCT_STAT sbuf; + const SMB_STRUCT_STAT *pst = NULL; + + if (fsp) { + pst = &fsp->fsp_name->st; + } else { + int ret = vfs_stat_smb_basename(conn, + name, + &sbuf); + if (ret == -1) { + return map_nt_error_from_unix(errno); + } + pst = &sbuf; + } + if (S_ISLNK(pst->st_ex_mode)) { + return NT_STATUS_ACCESS_DENIED; + } + return NT_STATUS_OK; +} + /******************************************************************** The canonical "check access" based on object handle or path function. ********************************************************************/ |