From: Stefan Metzmacher Date: Thu, 11 Jul 2019 15:01:29 +0000 (+0200) Subject: CVE-2019-10197: smbd: make sure that change_to_user_internal() always resets current_... X-Git-Tag: samba-4.9.13~6 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5604883d06d99a2ed3c1122408e266793de40942;p=thirdparty%2Fsamba.git CVE-2019-10197: smbd: make sure that change_to_user_internal() always resets current_user.done_chdir We should not leave current_user.done_chdir as true if we didn't call chdir_current_service() with success. This caused problems in when calling vfs_ChDir() in pop_conn_ctx() when chdir_current_service() worked once on one share but later failed on another share. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14035 Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme --- diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c index 89f539ed430..b6ef02a36b3 100644 --- a/source3/smbd/uid.c +++ b/source3/smbd/uid.c @@ -432,6 +432,7 @@ static bool change_to_user_internal(connection_struct *conn, current_user.conn = conn; current_user.vuid = vuid; current_user.need_chdir = conn->tcon_done; + current_user.done_chdir = false; if (current_user.need_chdir) { ok = chdir_current_service(conn);
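Review bot: the added `current_user.done_chdir = false;`, placed directly after the `current_user.need_chdir = conn->tcon_done;` assignment, has no comment stating the invariant it restores. Since this is a CVE fix, please document it at the assignment: done_chdir may be true only when chdir_current_service() succeeded for the conn now stored in current_user.conn, because pop_conn_ctx() relies on that flag before calling vfs_ChDir(). Placing the reset before the `if (current_user.need_chdir)` check looks right, as it also covers the path where no chdir is attempted. The hunk does not show where done_chdir is set back to true, so please confirm that this happens only on the success path of `ok = chdir_current_service(conn);`. A regression test for the sequence in the commit message (chdir_current_service() works on one share, then fails on another) would keep this from regressing.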