git.samba.org - samba.git/commit

author	Tim Beale <timbeale@catalyst.net.nz>
	Fri, 15 Mar 2019 02:20:21 +0000 (15:20 +1300)
committer	Karolin Seeger <kseeger@samba.org>
	Mon, 8 Apr 2019 10:27:34 +0000 (10:27 +0000)
commit	6048103751afa33f1951539ce36224a03b276604
tree	92c802534a2006eb439d7a7ed68564000f458f74	tree
parent	21d501bfa8f66d98d2b5dfd3ffa2a9dd07af5dbd	commit \| diff

CVE-2019-3870 tests: Extend smbd tests to check for umask being overwritten

The smbd changes the umask - if the code fails to restore the umask to
what it was, then this is very bad. Add an extra check to every
smbd-related test that the umask at the end of the test is the same as
what it was at the beginning (i.e. if the smbd code changed the umask
then it correctly restored the value afterwards).

As the selftest sets the umask for all tests to zero, it makes it hard
to detect this problem, so the test setUp() needs to set it to something
else first.

This extra checking is added to the setUp()/tearDown() so that it
applies to all test-cases. However, any failure that occur with this
approach will not be able to be known-failed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

python/samba/tests/ntacls_backup.py		diff \| blob \| history
python/samba/tests/posixacl.py		diff \| blob \| history
python/samba/tests/smbd_base.py	[new file with mode: 0644]	blob
selftest/knownfail.d/umask-leak	[new file with mode: 0644]	blob