git.samba.org / metze / samba / wip.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9f7a622)
CVE-2019-10218 - s3: libsmb: Protect SMB2 client code from evil server returned names.
authorJeremy Allison <jra@samba.org>
Tue, 6 Aug 2019 19:08:09 +0000 (12:08 -0700)
committerKarolin Seeger <kseeger@samba.org>
Tue, 29 Oct 2019 10:04:45 +0000 (10:04 +0000)
Disconnect with NT_STATUS_INVALID_NETWORK_RESPONSE if so.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14071

Signed-off-by: Jeremy Allison <jra@samba.org>
source3/libsmb/cli_smb2_fnum.c patch | blob | history

diff --git a/source3/libsmb/cli_smb2_fnum.c b/source3/libsmb/cli_smb2_fnum.c
index 15f1420dd8f0a716afdded9ae14be1a88659ef56..4cae87853db23dbf9cd5ac25dbeb8f1e3c394d40 100644 (file)
--- a/source3/libsmb/cli_smb2_fnum.c
+++ b/source3/libsmb/cli_smb2_fnum.c
@@ -1442,6 +1442,13 @@ NTSTATUS cli_smb2_list(struct cli_state *cli,
                                goto fail;
                        }
 
+                       /* Protect against server attack. */
+                       status = is_bad_finfo_name(cli, finfo);
+                       if (!NT_STATUS_IS_OK(status)) {
+                               smbXcli_conn_disconnect(cli->conn, status);
+                               goto fail;
+                       }
+
                        if (dir_check_ftype((uint32_t)finfo->mode,
                                        (uint32_t)attribute)) {
                                /*
Work in progress branches