From: Jeremy Allison <jra@samba.org>
Date: Thu, 15 Dec 2016 20:52:13 +0000 (-0800)
Subject: CVE-2017-2619: s3: smbd: Remove O_NOFOLLOW guards. We insist on O_NOFOLLOW existing.
X-Git-Tag: samba-4.4.12~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=17b90d640ac941f00c93d0eefc81ac5e429faaf6;p=thirdparty%2Fsamba.git

CVE-2017-2619: s3: smbd: Remove O_NOFOLLOW guards. We insist on O_NOFOLLOW existing.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
---

diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 1c67684b8bf..a014b5e9974 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -363,8 +363,7 @@ NTSTATUS fd_open(struct connection_struct *conn,
 	struct smb_filename *smb_fname = fsp->fsp_name;
 	NTSTATUS status = NT_STATUS_OK;
 
-#ifdef O_NOFOLLOW
-	/* 
+	/*
 	 * Never follow symlinks on a POSIX client. The
 	 * client should be doing this.
 	 */
@@ -372,12 +371,10 @@ NTSTATUS fd_open(struct connection_struct *conn,
 	if ((fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) || !lp_follow_symlinks(SNUM(conn))) {
 		flags |= O_NOFOLLOW;
 	}
-#endif
 
 	fsp->fh->fd = SMB_VFS_OPEN(conn, smb_fname, fsp, flags, mode);
 	if (fsp->fh->fd == -1) {
 		int posix_errno = errno;
-#ifdef O_NOFOLLOW
 #if defined(ENOTSUP) && defined(OSF1)
 		/* handle special Tru64 errno */
 		if (errno == ENOTSUP) {
@@ -394,7 +391,6 @@ NTSTATUS fd_open(struct connection_struct *conn,
 		if (errno == EMLINK) {
 			posix_errno = ELOOP;
 		}
-#endif /* O_NOFOLLOW */
 		status = map_nt_error_from_unix(posix_errno);
 		if (errno == EMFILE) {
 			static time_t last_warned = 0L;