git.samba.org
/
metze
/
samba
/
wip.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
9f7a622
)
CVE-2019-10218 - s3: libsmb: Protect SMB2 client code from evil server returned names.
author
Jeremy Allison
<jra@samba.org>
Tue, 6 Aug 2019 19:08:09 +0000
(12:08 -0700)
committer
Karolin Seeger
<kseeger@samba.org>
Tue, 29 Oct 2019 10:04:45 +0000
(10:04 +0000)
Disconnect with NT_STATUS_INVALID_NETWORK_RESPONSE if so.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14071
Signed-off-by: Jeremy Allison <jra@samba.org>
source3/libsmb/cli_smb2_fnum.c
patch
|
blob
|
history
diff --git
a/source3/libsmb/cli_smb2_fnum.c
b/source3/libsmb/cli_smb2_fnum.c
index 15f1420dd8f0a716afdded9ae14be1a88659ef56..4cae87853db23dbf9cd5ac25dbeb8f1e3c394d40 100644
(file)
--- a/
source3/libsmb/cli_smb2_fnum.c
+++ b/
source3/libsmb/cli_smb2_fnum.c
@@
-1442,6
+1442,13
@@
NTSTATUS cli_smb2_list(struct cli_state *cli,
goto fail;
}
+ /* Protect against server attack. */
+ status = is_bad_finfo_name(cli, finfo);
+ if (!NT_STATUS_IS_OK(status)) {
+ smbXcli_conn_disconnect(cli->conn, status);
+ goto fail;
+ }
+
if (dir_check_ftype((uint32_t)finfo->mode,
(uint32_t)attribute)) {
/*