From: Jeremy Allison
Date: Tue, 5 Jan 2016 19:18:12 +0000 (-0800)
Subject: CVE-2015-7560: s3: smbd: Add refuse_symlink() function that can be used to prevent...
X-Git-Tag: samba-4.1.23~30
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=24f3cb04abc4db573adc1f2d69d7539a0233d673;p=thirdparty%2Fsamba.git
CVE-2015-7560: s3: smbd: Add refuse_symlink() function that can be used to prevent operations on a symlink.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
Signed-off-by: Jeremy Allison
Reviewed-by: Michael Adam
---
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index b6109b2d07a..7de4f0560f3 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -53,6 +53,34 @@ static char *store_file_unix_basic_info2(connection_struct *conn,
 files_struct *fsp,
 const SMB_STRUCT_STAT *psbuf);
 
+/****************************************************************************
+ Check if an open file handle or pathname is a symlink.
+****************************************************************************/
+
+static NTSTATUS refuse_symlink(connection_struct *conn,
+ const files_struct *fsp,
+ const char *name)
+{
+ SMB_STRUCT_STAT sbuf;
+ const SMB_STRUCT_STAT *pst = NULL;
+
+ if (fsp) {
+ pst = &fsp->fsp_name->st;
+ } else {
+ int ret = vfs_stat_smb_basename(conn,
+ name,
+ &sbuf);
+ if (ret == -1) {
+ return map_nt_error_from_unix(errno);
+ }
+ pst = &sbuf;
+ }
+ if (S_ISLNK(pst->st_ex_mode)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+ return NT_STATUS_OK;
+}
+
 /********************************************************************
 The canonical "check access" based on object handle or path function.
 ********************************************************************/
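Review bot: In the `fsp` branch, refuse_symlink() trusts the cached `fsp->fsp_name->st` without checking that it was ever filled in, so a handle whose stat is unset, or was taken through a symlink-following stat, would pass as "not a symlink" and get NT_STATUS_OK. Consider failing closed there, e.g. `if (!VALID_STAT(fsp->fsp_name->st)) { return NT_STATUS_ACCESS_DENIED; }` before the S_ISLNK test. The path branch only works if vfs_stat_smb_basename(), which is not shown in this hunk, does not follow the final path component. Its answer is also valid only at check time, so a caller that then acts on `name` rather than on an open handle can still race with a rename. The header comment should state the contract, for example `Returns NT_STATUS_ACCESS_DENIED for a symlink; fsp, when non-NULL, takes precedence over name.`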