s3: smbd: Fix incorrect logic exposed by fix for the security bug 12496 (CVE-2017...
author Jeremy Allison <jra@samba.org>
Mon, 27 Mar 2017 17:46:47 +0000 (10:46 -0700)
committer Karolin Seeger <kseeger@samba.org>
Fri, 31 Mar 2017 06:18:29 +0000 (08:18 +0200)
In a UNIX filesystem, the names "." and ".." by definition can *never*
be symlinks - they are already reserved names.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit ae17bebd250bdde5614b2ac17e53512f19fe9b68)

source3/smbd/vfs.c

index 93726bd0f671207d02b1cbbb1dc7526d740602a5..c358f78408f61741c756d5bb86de826fdff2354e 100644 (file)
@@ -1277,8 +1277,11 @@ NTSTATUS check_reduced_name(connection_struct *conn, const char *fname)
                        /* fname can't have changed in resolved_path. */
                        const char *p = &resolved_name[rootdir_len];
 
-                       /* *p can be '\0' if fname was "." */
-                       if (*p == '\0' && ISDOT(fname)) {
+                       /*
+                        * UNIX filesystem semantics, names consisting
+                        * only of "." or ".." CANNOT be symlinks.
+                        */
+                       if (ISDOT(fname) || ISDOTDOT(fname)) {
                                goto out;
                        }
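
Review bot: The new test `if (ISDOT(fname) || ISDOTDOT(fname))` drops the `*p == '\0'` condition, so the early `goto out` now depends only on the name passed in and no longer on anything in resolved_name. The new comment explains why "." and ".." cannot be symlinks, but it does not say why skipping the rest of this block is safe for "..", where the resolved path is the parent directory; please state in the comment which check has already confined resolved_name before this point, so a later reader does not have to rediscover it. The removed comment also recorded that *p can be '\0' when fname is "."; p is still computed from &resolved_name[rootdir_len] just above, so if anything after this block reads *p, that fact is worth keeping. Minor wording: "Under UNIX filesystem semantics, names consisting only of ..." reads more clearly than the current opening.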