src/patches/samba/CVE-2017-7494-v3-6.patch

   1 From b719a4d53fc6d590f4fac340d956344a5246de4e Mon Sep 17 00:00:00 2001
   2 From: Volker Lendecke <vl@samba.org>
   3 Date: Mon, 8 May 2017 21:40:40 +0200
   4 Subject: [PATCH] CVE-2017-7494: Refuse to open pipe names with / inside
   5
   6 BUG: https://bugzilla.samba.org/show_bug.cgi?id=12780
   7
   8 Signed-off-by: Volker Lendecke <vl@samba.org>
   9 Reviewed-by: Andreas Schneider <asn@samba.org>
  10 ---
  11  source3/rpc_server/srv_pipe.c | 5 +++++
  12  1 file changed, 5 insertions(+)
  13
  14 diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
  15 index ec24fe7..b80e3f5 100644
  16 --- a/source3/rpc_server/srv_pipe.c
  17 +++ b/source3/rpc_server/srv_pipe.c
  18 @@ -473,6 +473,11 @@ bool is_known_pipename(const char *cli_filename, struct ndr_syntax_id *syntax)
  19                 pipename += 1;
  20         }
  21
  22 +       if (strchr(pipename, '/')) {
  23 +               DEBUG(1,("Refusing open on pipe %s\n", pipename));
  24 +               return false;
  25 +       }
  26 +
  27         if (lp_disable_spoolss() && strequal(pipename, "spoolss")) {
  28                 DEBUG(10, ("refusing spoolss access\n"));
  29                 return false;
  30 --
  31 2.9.4
  32