CVE-2015-7560: s3: smbd: Refuse to get a POSIX ACL on a symlink.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index d30d0c067b259b951b5c1d5d60b1b27cff08aea5..252be331fedcfe0fa5bedda8c6092027fa0141b0 100644 (file)
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -5346,6 +5346,13 @@ NTSTATUS smbd_do_qfilepathinfo(connection_struct *conn,
                                uint16_t num_file_acls = 0;
                                uint16_t num_def_acls = 0;
 
+                               status = refuse_symlink(conn,
+                                               fsp,
+                                               smb_fname->base_name);
+                               if (!NT_STATUS_IS_OK(status)) {
+                                       return status;
+                               }
+
                                if (fsp && fsp->fh->fd != -1) {
                                        file_acl = SMB_VFS_SYS_ACL_GET_FD(fsp,
                                                talloc_tos());