git.samba.org
/
samba.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
fc6022b
)
CVE-2019-10218 - s3: libsmb: Protect SMB2 client code from evil server returned names.
author
Jeremy Allison
<jra@samba.org>
Tue, 6 Aug 2019 19:08:09 +0000
(12:08 -0700)
committer
Karolin Seeger
<kseeger@samba.org>
Thu, 24 Oct 2019 10:34:28 +0000
(12:34 +0200)
Disconnect with NT_STATUS_INVALID_NETWORK_RESPONSE if so.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14071
Signed-off-by: Jeremy Allison <jra@samba.org>
source3/libsmb/cli_smb2_fnum.c
patch
|
blob
|
history
diff --git
a/source3/libsmb/cli_smb2_fnum.c
b/source3/libsmb/cli_smb2_fnum.c
index 1cfa50ffbac62886f452818b497c3d234efbf8e3..3cdf68dc24b6dba6ce2377e99bc8270fa3f77ad1 100644
(file)
--- a/
source3/libsmb/cli_smb2_fnum.c
+++ b/
source3/libsmb/cli_smb2_fnum.c
@@
-1017,6
+1017,13
@@
NTSTATUS cli_smb2_list(struct cli_state *cli,
goto fail;
}
+ /* Protect against server attack. */
+ status = is_bad_finfo_name(cli, finfo);
+ if (!NT_STATUS_IS_OK(status)) {
+ smbXcli_conn_disconnect(cli->conn, status);
+ goto fail;
+ }
+
if (dir_check_ftype((uint32_t)finfo->mode,
(uint32_t)attribute)) {
/*