From 5b0500f0c90c7188acd39e657a57000072eb263d Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl@samba.org>
Date: Tue, 31 Oct 2023 15:38:46 +0100
Subject: [PATCH] smbd: Protect ea-reading on symlinks

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
---
 source3/smbd/smb2_trans2.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/source3/smbd/smb2_trans2.c b/source3/smbd/smb2_trans2.c
index 604d7890587..8b044948c3d 100644
--- a/source3/smbd/smb2_trans2.c
+++ b/source3/smbd/smb2_trans2.c
@@ -148,10 +148,15 @@ NTSTATUS get_ea_value_fsp(TALLOC_CTX *mem_ctx,
 	char *val = NULL;
 	ssize_t sizeret;
 	size_t max_xattr_size = 0;
+	NTSTATUS status;
 
 	if (fsp == NULL) {
 		return NT_STATUS_INVALID_HANDLE;
 	}
+	status = refuse_symlink_fsp(fsp);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
 
 	max_xattr_size = lp_smbd_max_xattr_size(SNUM(fsp->conn));
 
@@ -212,7 +217,7 @@ NTSTATUS get_ea_names_from_fsp(TALLOC_CTX *mem_ctx,
 	}
 	*pnum_names = 0;
 
-	if (fsp == NULL) {
+	if ((fsp == NULL) || !NT_STATUS_IS_OK(refuse_symlink_fsp(fsp))) {
 		/*
 		 * Callers may pass fsp == NULL when passing smb_fname->fsp of a
 		 * symlink. This is ok, handle it here, by just return no EA's
-- 
2.47.3