CVE-2019-10197: smbd: make sure that change_to_user_internal() always resets current_...
author: Stefan Metzmacher <metze@samba.org>
Thu, 11 Jul 2019 15:01:29 +0000 (17:01 +0200)
committer: Karolin Seeger <kseeger@samba.org>
Tue, 3 Sep 2019 08:07:37 +0000 (08:07 +0000)
We should not leave current_user.done_chdir as true if we didn't call
chdir_current_service() with success.

This caused problems when calling vfs_ChDir() in pop_conn_ctx() when
chdir_current_service() worked once on one share but later failed on another
share.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14035

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
source3/smbd/uid.c

index 0952c0aff59d887aba246f6bff12ccdc5583a4bd..2b3b25fa446986d74f054ec7832af38bf98bdd12 100644 (file)
@@ -427,6 +427,7 @@ static bool change_to_user_internal(connection_struct *conn,
        current_user.conn = conn;
        current_user.vuid = vuid;
        current_user.need_chdir = conn->tcon_done;
+       current_user.done_chdir = false;
 
        if (current_user.need_chdir) {
                ok = chdir_current_service(conn);
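
Review bot: the added `current_user.done_chdir = false;` line has no comment, so the reason for the reset (per the commit message, a stale true left over from an earlier successful chdir_current_service() on another share) can only be recovered from the commit history. A one-line comment above it, stating that the flag is cleared unconditionally before the `if (current_user.need_chdir)` branch so that it never survives from a previous share, would keep a later cleanup from moving or dropping it. The visible context ends at `ok = chdir_current_service(conn);`, so it is worth confirming in the full function that the failure path of `ok` returns without setting done_chdir to true. A regression test with two shares, where the chdir succeeds on the first and fails on the second, would also help lock this in.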