From: Jeremy Allison <jra@samba.org>
Date: Thu, 15 Dec 2016 21:06:31 +0000 (-0800)
Subject: CVE-2017-2619: s3: smbd: Use the new non_widelink_open() function.
X-Git-Tag: samba-4.4.12~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9746c7e15afd85645f69dcefc290c4c63177b4e9;p=thirdparty%2Fsamba.git

CVE-2017-2619: s3: smbd: Use the new non_widelink_open() function.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12496

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
---

diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index aa5df2caf3b..0b6648739fb 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -634,7 +634,28 @@ NTSTATUS fd_open(struct connection_struct *conn,
 		flags |= O_NOFOLLOW;
 	}
 
-	fsp->fh->fd = SMB_VFS_OPEN(conn, smb_fname, fsp, flags, mode);
+	/* Ensure path is below share definition. */
+	if (!lp_widelinks(SNUM(conn))) {
+		const char *conn_rootdir = SMB_VFS_CONNECTPATH(conn,
+						smb_fname->base_name);
+		if (conn_rootdir == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+		/*
+		 * Only follow symlinks within a share
+		 * definition.
+		 */
+		fsp->fh->fd = non_widelink_open(conn,
+					conn_rootdir,
+					fsp,
+					smb_fname,
+					flags,
+					mode,
+					0);
+	} else {
+		fsp->fh->fd = SMB_VFS_OPEN(conn, smb_fname, fsp, flags, mode);
+	}
+
 	if (fsp->fh->fd == -1) {
 		int posix_errno = link_errno_convert(errno);
 		status = map_nt_error_from_unix(posix_errno);