| commit | 67c837789f321c42230bfc3592652ce858f68da1 | |
| author | Jeremy Allison <jra@samba.org> | |
| Thu, 21 Mar 2019 21:51:30 +0000 (21 14:51 -0700) | ||
| committer | Karolin Seeger <kseeger@samba.org> | |
| Fri, 5 Apr 2019 08:15:19 +0000 (5 10:15 +0200) | ||
| tree | 9859c1cf9c9b8af7f3a15c585cc3e9591b2531ac | treesnapshot (tar.gz zip) |
| parent | 8e0a6867c4e3480c0269c87821b54f1451656ae7 | commitdiff |
CVE-2019-3880 s3: rpc: winreg: Remove implementations of SaveKey/RestoreKey.
The were not using VFS backend calls and could only work
locally, and were unsafe against symlink races and other
security issues.
If the incoming handle is valid, return WERR_BAD_PATHNAME.
[MS-RRP] states "The format of the file name is implementation-specific"
so ensure we don't allow this.
As reported by Michael Hanselmann.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13851
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The were not using VFS backend calls and could only work
locally, and were unsafe against symlink races and other
security issues.
If the incoming handle is valid, return WERR_BAD_PATHNAME.
[MS-RRP] states "The format of the file name is implementation-specific"
so ensure we don't allow this.
As reported by Michael Hanselmann.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13851
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
| source3/rpc_server/winreg/srv_winreg_nt.c | diffblobblamehistory |