CVE-2019-10197: smbd: make sure that change_to_user_internal() always resets current_...

We should not leave current_user.done_chdir as true if we didn't call
chdir_current_service() with success.

This caused problems in when calling vfs_ChDir() in pop_conn_ctx() when
chdir_current_service() worked once on one share but later failed on another
share.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14035

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index 89f539ed430079016e05a9b42c5b02c316c1afe1..b6ef02a36b3a3e2a30a6487a01d89a771b51635a 100644 (file)
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -432,6 +432,7 @@ static bool change_to_user_internal(connection_struct *conn,
        current_user.conn = conn;
        current_user.vuid = vuid;
        current_user.need_chdir = conn->tcon_done;
+       current_user.done_chdir = false;
 
        if (current_user.need_chdir) {
                ok = chdir_current_service(conn);