From: Jeremy Allison Date: Wed, 8 Dec 2021 06:19:29 +0000 (-0800) Subject: CVE-2021-44141: s3: smbd: Inside rename_internals_fsp(), we must use vfs_stat() for... X-Git-Tag: tevent-0.12.0~812 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e4e5539e402fd2116b4eb4f4f2d687da509491d6;p=thirdparty%2Fsamba.git CVE-2021-44141: s3: smbd: Inside rename_internals_fsp(), we must use vfs_stat() for existence, not SMB_VFS_STAT(). We need to take SMB1+POSIX into account here and do an LSTAT if it's a POSIX name. Remove knownfail.d/posix_sylink_rename BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911 Signed-off-by: Jeremy Allison Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Mon Jan 31 16:26:26 UTC 2022 on sn-devel-184 --- diff --git a/selftest/knownfail.d/posix_sylink_rename b/selftest/knownfail.d/posix_sylink_rename deleted file mode 100644 index 9c3cc0a41ba..00000000000 --- a/selftest/knownfail.d/posix_sylink_rename +++ /dev/null @@ -1 +0,0 @@ -^samba3.blackbox.test_symlink_rename.SMB1.posix.symlink_rename_SMB1_posix\(fileserver_smb1_done\) diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 7886e48279e..28fee839296 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -7305,7 +7305,7 @@ NTSTATUS rename_internals_fsp(connection_struct *conn, goto out; } - dst_exists = SMB_VFS_STAT(conn, smb_fname_dst) == 0; + dst_exists = vfs_stat(conn, smb_fname_dst) == 0; if(!replace_if_exists && dst_exists) { DEBUG(3, ("rename_internals_fsp: dest exists doing rename "