CVE-2015-7560: s3: smbd: Refuse to set a POSIX ACL on a symlink.

author Jeremy Allison <jra@samba.org>

Tue, 5 Jan 2016 19:22:12 +0000 (11:22 -0800)

committer Karolin Seeger <kseeger@samba.org>

Wed, 24 Feb 2016 10:38:52 +0000 (11:38 +0100)
author Jeremy Allison <jra@samba.org>
Tue, 5 Jan 2016 19:22:12 +0000 (11:22 -0800)
committer Karolin Seeger <kseeger@samba.org>
Wed, 24 Feb 2016 10:38:52 +0000 (11:38 +0100)
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c

index 7de4f0560f360a966abeb924c2766e35f21a9ef7..5b008f53eb275f0b9dbc4d56cdbd675827737f7a 100644 (file)
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -6567,6 +6567,7 @@ static NTSTATUS smb_set_posix_acl(connection_struct *conn,
         uint16 num_def_acls;
         bool valid_file_acls = True;
         bool valid_def_acls = True;
+       NTSTATUS status;
  
         if (total_data < SMB_POSIX_ACL_HEADER_SIZE) {
                 return NT_STATUS_INVALID_PARAMETER;
@@ -6594,6 +6595,11 @@ static NTSTATUS smb_set_posix_acl(connection_struct *conn,
                 return NT_STATUS_INVALID_PARAMETER;
         }
  
+       status = refuse_symlink(conn, fsp, smb_fname->base_name);
+       if (!NT_STATUS_IS_OK(status)) {
+               return status;
+       }
+
         DEBUG(10,("smb_set_posix_acl: file %s num_file_acls = %u, num_def_acls = %u\n",
                 smb_fname ? smb_fname_str_dbg(smb_fname) : fsp_str_dbg(fsp),
                 (unsigned int)num_file_acls,
author	Jeremy Allison <jra@samba.org>
	Tue, 5 Jan 2016 19:22:12 +0000 (11:22 -0800)
committer	Karolin Seeger <kseeger@samba.org>
	Wed, 24 Feb 2016 10:38:52 +0000 (11:38 +0100)