From: Jeremy Allison Date: Thu, 15 Jul 2021 04:30:09 +0000 (-0700) Subject: s3: smbd: Allow async dosmode to cope with ".." pathnames where we close smb_fname... X-Git-Tag: ldb-2.5.0~1045 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b004ebb1c62742346b84ecb9d52c783173528fac;p=thirdparty%2Fsamba.git s3: smbd: Allow async dosmode to cope with ".." pathnames where we close smb_fname->fsp to prevent meta-data leakage. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14759 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme
---
diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c
index 43c46867122..99cb8607944 100644
--- a/source3/smbd/dosmode.c
+++ b/source3/smbd/dosmode.c
@@ -814,15 +814,20 @@ struct tevent_req *dos_mode_at_send(TALLOC_CTX *mem_ctx,
 }
 if (smb_fname->fsp == NULL) {
- /*
- * The pathological case where a caller does
- * dos_mode_at_send() and smb_fname points at a
- * symlink in POSIX context. smb_fname->fsp is NULL.
- *
- * FIXME ? Should we move to returning
- * FILE_ATTRIBUTE_REPARSE_POINT here ?
- */
- state->dosmode = FILE_ATTRIBUTE_NORMAL;
+ if (ISDOTDOT(smb_fname->base_name)) {
+ /*
+ * smb_fname->fsp is explicitly closed
+ * for ".." to prevent meta-data leakage.
+ */
+ state->dosmode = FILE_ATTRIBUTE_DIRECTORY;
+ } else {
+ /*
+ * This is a symlink in POSIX context.
+ * FIXME ? Should we move to returning
+ * FILE_ATTRIBUTE_REPARSE_POINT here ?
+ */
+ state->dosmode = FILE_ATTRIBUTE_NORMAL;
+ }
 tevent_req_done(req);
 return tevent_req_post(req, ev);
 }
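Review bot: The comment in the new `ISDOTDOT()` branch explains why `smb_fname->fsp` is NULL but not that the constant result is deliberate, so a later reader could be tempted to look up the real attributes of ".." again, which is presumably the disclosure this commit closes; I would extend its last line to `* for ".." to prevent meta-data leakage, so report a fixed FILE_ATTRIBUTE_DIRECTORY and never stat it here.` In the `else` branch the rewritten comment states "This is a symlink in POSIX context" as a fact, while the code only establishes that the fsp is NULL and the name is not ".."; the removed comment at least called this the pathological case and recorded that the fsp is NULL. I would word it as `* Assumed to be a symlink in POSIX context (smb_fname->fsp is NULL).` so that any other source of a NULL fsp is recognised as unhandled rather than silently reported as FILE_ATTRIBUTE_NORMAL. dos_mode_at_send() begins and ends outside this hunk, so whether other NULL-fsp paths can reach this point cannot be confirmed from here.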