CVE-2023-34968: mdssvc: return a fake share path
author Ralph Boehme <slow@samba.org>
Mon, 5 Jun 2023 16:02:20 +0000 (18:02 +0200)
committer Jule Anger <janger@samba.org>
Fri, 14 Jul 2023 13:12:34 +0000 (15:12 +0200)
commit 7a4ed01ea6c352543a4937cafc7a4a7825e38d9b
tree 236fdf646b8e7af57d05681399f0ab945ec61ddf
parent a84244705de1ec98cfaf4f608e0cbe7fe3c1eafe
CVE-2023-34968: mdssvc: return a fake share path

Instead of returning the real server-side absolute path of shares and search
results, return a fake absolute path replacing the path of the share with the
share name, iow for a share "test" with a server-side path of "/foo/bar", we
previously returned

  /foo/bar and
  /foo/bar/search/result

and now return

  /test and
  /test/search/result

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

source3/rpc_server/mdssvc/mdssvc.c
source3/rpc_server/mdssvc/mdssvc.h
source3/rpc_server/mdssvc/srv_mdssvc_nt.c
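
The path mapping described in the commit message, as an added example that is not Samba's code and not taken from this commit: the function name `fake_share_path`, its signature and the buffer sizes are assumptions. It also covers two cases the message does not spell out: a sibling directory that merely shares the root's prefix, and an output buffer that is too small.

```c
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper (not Samba's function): rewrite a server-side path so
 * the share's real root is replaced by "/<share_name>". Assumes both paths
 * are absolute and already canonical (no "..", no doubled slashes).
 * Returns 0 on success. On failure returns -1 and leaves out empty, so the
 * caller never falls back to sending the real path.
 */
int fake_share_path(const char *share_name, const char *share_root,
                    const char *real_path, char *out, size_t outlen)
{
    size_t rootlen = strlen(share_root);
    const char *rest;
    int n;

    if (outlen == 0) return -1;
    out[0] = '\0';
    if (share_root[0] != '/') return -1;

    /* Drop trailing slashes so "/foo/bar/" and "/" (rootlen 0) both work. */
    while (rootlen > 0 && share_root[rootlen - 1] == '/') rootlen--;

    if (strncmp(real_path, share_root, rootlen) != 0) return -1;
    rest = real_path + rootlen;

    /* The match must end on a component boundary: "/foo/barbaz" is a
     * sibling of "/foo/bar", not a path inside the share. */
    if (rest[0] != '\0' && rest[0] != '/') return -1;

    n = snprintf(out, outlen, "/%s%s", share_name, rest);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';      /* truncated: report failure, not half a path */
        return -1;
    }
    return 0;
}

int main(void)
{
    char buf[64];
    /* The share from the commit message: name "test", root "/foo/bar". */
    if (fake_share_path("test", "/foo/bar", "/foo/bar/search/result",
                        buf, sizeof(buf)) == 0)
        printf("%s\n", buf);
    return 0;
}
```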