CVE-2015-7560: s3: smbd: Silently return no EA's available on a symlink.

author Jeremy Allison <jra@samba.org>

Tue, 5 Jan 2016 19:29:38 +0000 (11:29 -0800)

committer Karolin Seeger <kseeger@samba.org>

Wed, 24 Feb 2016 10:38:53 +0000 (11:38 +0100)
author Jeremy Allison <jra@samba.org>
Tue, 5 Jan 2016 19:29:38 +0000 (11:29 -0800)
committer Karolin Seeger <kseeger@samba.org>
Wed, 24 Feb 2016 10:38:53 +0000 (11:38 +0100)
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c

index 3d16d6e3d3976b3bb7ad6c8c2d308028595e905c..04a13c48c2435fa92b1a6f45db1a5afa15e3de1d 100644 (file)
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -236,6 +236,7 @@ NTSTATUS get_ea_names_from_file(TALLOC_CTX *mem_ctx, connection_struct *conn,
         char **names, **tmp;
         size_t num_names;
         ssize_t sizeret = -1;
+       NTSTATUS status;
  
         if (pnames) {
                 *pnames = NULL;
@@ -246,6 +247,14 @@ NTSTATUS get_ea_names_from_file(TALLOC_CTX *mem_ctx, connection_struct *conn,
                 return NT_STATUS_OK;
         }
  
+       status = refuse_symlink(conn, fsp, fname);
+       if (!NT_STATUS_IS_OK(status)) {
+               /*
+                * Just return no EA's on a symlink.
+                */
+               return NT_STATUS_OK;
+       }
+
         /*
          * TALLOC the result early to get the talloc hierarchy right.
          */
author	Jeremy Allison <jra@samba.org>
	Tue, 5 Jan 2016 19:29:38 +0000 (11:29 -0800)
committer	Karolin Seeger <kseeger@samba.org>
	Wed, 24 Feb 2016 10:38:53 +0000 (11:38 +0100)