From: Volker Lendecke <vl@samba.org>
Date: Thu, 4 Aug 2022 14:44:44 +0000 (+0200)
Subject: smbd: Security fix for systems without O_PATH
X-Git-Tag: samba-4.17.0rc1~70
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=99020ffef2f741dcd72df6ae2d41f9ccf6b88a13;p=thirdparty%2Fsamba.git

smbd: Security fix for systems without O_PATH

Further up we add O_PATH manually. Initial development versions of
this code did set the is_pathref, but then I found this potential
problem. I forgot to remove this incarnation of is_pathref=true, doing
it now.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
---

diff --git a/source3/smbd/files.c b/source3/smbd/files.c
index afde81d3070..62ca9fc1c8f 100644
--- a/source3/smbd/files.c
+++ b/source3/smbd/files.c
@@ -762,8 +762,8 @@ NTSTATUS openat_pathref_dirfsp_nosymlink(
 #ifdef O_PATH
 	/*
 	 * Add O_PATH manually, doing this by setting
-	 * fsp->fsp_flags.is_pathref will make us become_root(), which
-	 * would cause a security problem.
+	 * fsp->fsp_flags.is_pathref will make us become_root() in the
+	 * non-O_PATH case, which would cause a security problem.
 	 */
 	flags |= O_PATH;
 #else
@@ -901,7 +901,6 @@ next:
 					  nt_errstr(status));
 				goto fail;
 			}
-			fsp->fsp_flags.is_pathref = true;
 			fsp->fsp_name = &full_fname;
 		} else {
 			fsp = tmp;