git.samba.org / samba.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a5c570e) | patch
CVE-2023-34968: mdssvc: return a fake share path
authorRalph Boehme <slow@samba.org>
Mon, 5 Jun 2023 16:02:20 +0000 (18:02 +0200)
committerJule Anger <janger@samba.org>
Fri, 14 Jul 2023 13:15:01 +0000 (15:15 +0200)
commit091b0265fe42878d676def5d4f5b4f8f3977b0e2
tree907e0b4d50a18fc50607b5802d80783275011f9dtree
parenta5c570e262911874e43e82de601d809aa5b1b729commit | diff
CVE-2023-34968: mdssvc: return a fake share path

Instead of returning the real server-side absolute path of shares and search
results, return a fake absolute path replacing the path of the share with the
share name, iow for a share "test" with a server-side path of "/foo/bar", we
previously returned

  /foo/bar and
  /foo/bar/search/result

and now return

  /test and
  /test/search/result

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
source3/rpc_server/mdssvc/mdssvc.c diff | blob | history
source3/rpc_server/mdssvc/mdssvc.h diff | blob | history
source3/rpc_server/mdssvc/srv_mdssvc_nt.c diff | blob | history
Samba Shared Repository