CVE-2015-7560: s3: smbd: Add refuse_symlink() function that can be used to prevent...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index b6109b2d07a9717729b81fe89153b418c8850463..7de4f0560f360a966abeb924c2766e35f21a9ef7 100644 (file)
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -53,6 +53,34 @@ static char *store_file_unix_basic_info2(connection_struct *conn,
                                files_struct *fsp,
                                const SMB_STRUCT_STAT *psbuf);
 
+/****************************************************************************
+ Check if an open file handle or pathname is a symlink.
+****************************************************************************/
+
+static NTSTATUS refuse_symlink(connection_struct *conn,
+                       const files_struct *fsp,
+                       const char *name)
+{
+       SMB_STRUCT_STAT sbuf;
+       const SMB_STRUCT_STAT *pst = NULL;
+
+       if (fsp) {
+               pst = &fsp->fsp_name->st;
+       } else {
+               int ret = vfs_stat_smb_basename(conn,
+                               name,
+                               &sbuf);
+               if (ret == -1) {
+                       return map_nt_error_from_unix(errno);
+               }
+               pst = &sbuf;
+       }
+       if (S_ISLNK(pst->st_ex_mode)) {
+               return NT_STATUS_ACCESS_DENIED;
+       }
+       return NT_STATUS_OK;
+}
+
 /********************************************************************
  The canonical "check access" based on object handle or path function.
 ********************************************************************/