From: Jeremy Allison <jra@samba.org>
Date: Thu, 10 Jun 2021 17:30:17 +0000 (-0700)
Subject: s3: smbd: Protect dos_mode_at_send() from running into a symlink.
X-Git-Tag: tevent-0.11.0~391
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=72ace149f96cf98c2ea68f93306b5b50228f6e65;p=thirdparty%2Fsamba.git

s3: smbd: Protect dos_mode_at_send() from running into a symlink.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power<npower@samba.org>
---

diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c
index c4c8be0b722..84ee8994a98 100644
--- a/source3/smbd/dosmode.c
+++ b/source3/smbd/dosmode.c
@@ -817,6 +817,20 @@ struct tevent_req *dos_mode_at_send(TALLOC_CTX *mem_ctx,
 		return tevent_req_post(req, ev);
 	}
 
+	if (smb_fname->fsp == NULL) {
+		/*
+		 * The pathological case where a caller does
+		 * dos_mode_at_send() and smb_fname points at a
+		 * symlink in POSIX context. smb_fname->fsp is NULL.
+		 *
+		 * FIXME ? Should we move to returning
+		 * FILE_ATTRIBUTE_REPARSE_POINT here ?
+		 */
+		state->dosmode = FILE_ATTRIBUTE_NORMAL;
+		tevent_req_done(req);
+		return tevent_req_post(req, ev);
+	}
+
 	subreq = SMB_VFS_GET_DOS_ATTRIBUTES_SEND(state,
 						 ev,
 						 dir_fsp,