CVE-2015-7560: s3: smbd: Refuse to get an ACL from a POSIX file handle on a symlink.

author Jeremy Allison <jra@samba.org>

Tue, 5 Jan 2016 18:38:28 +0000 (10:38 -0800)

committer Stefan Metzmacher <metze@samba.org>

Thu, 10 Mar 2016 05:52:22 +0000 (06:52 +0100)
author Jeremy Allison <jra@samba.org>
Tue, 5 Jan 2016 18:38:28 +0000 (10:38 -0800)
committer Stefan Metzmacher <metze@samba.org>
Thu, 10 Mar 2016 05:52:22 +0000 (06:52 +0100)
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c

index c6ad095919b21a5ffea5abf280430e8ee9917305..f0088f77abd17b63a13695c25648963767921bb0 100644 (file)
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -1960,6 +1960,13 @@ NTSTATUS smbd_do_query_security_desc(connection_struct *conn,
                 return NT_STATUS_ACCESS_DENIED;
         }
  
+       if (S_ISLNK(fsp->fsp_name->st.st_ex_mode)) {
+               DEBUG(10, ("ACL get on symlink %s denied.\n",
+                       fsp_str_dbg(fsp)));
+               TALLOC_FREE(frame);
+               return NT_STATUS_ACCESS_DENIED;
+       }
+
         if (security_info_wanted & (SECINFO_DACL|SECINFO_OWNER|
                         SECINFO_GROUP|SECINFO_SACL)) {
                 /* Don't return SECINFO_LABEL if anything else was
author	Jeremy Allison <jra@samba.org>
	Tue, 5 Jan 2016 18:38:28 +0000 (10:38 -0800)
committer	Stefan Metzmacher <metze@samba.org>
	Thu, 10 Mar 2016 05:52:22 +0000 (06:52 +0100)