From: Jeremy Allison <jra@samba.org>
Date: Tue, 5 Jan 2016 19:33:48 +0000 (-0800)
Subject: CVE-2015-7560: s3: smbd: Refuse to set EA's on a symlink.
X-Git-Tag: samba-4.1.23~23
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e1825c8138135226fbf9ca685edd4b44aac40220;p=thirdparty%2Fsamba.git

CVE-2015-7560: s3: smbd: Refuse to set EA's on a symlink.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
---

diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index 04a13c48c24..103e601072e 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -658,6 +658,11 @@ NTSTATUS set_ea(connection_struct *conn, files_struct *fsp,
 		return NT_STATUS_EAS_NOT_SUPPORTED;
 	}
 
+	status = refuse_symlink(conn, fsp, smb_fname->base_name);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
 	status = check_access(conn, fsp, smb_fname, FILE_WRITE_EA);
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;