| commit | d385058ce7c9914ea58613f65414e45f2f777481 | |
| author | Volker Lendecke <vl@samba.org> | |
| Sat, 15 Oct 2022 11:37:17 +0000 (15 13:37 +0200) | ||
| committer | Jule Anger <janger@samba.org> | |
| Tue, 25 Oct 2022 11:27:02 +0000 (25 11:27 +0000) | ||
| tree | 855d613c76a3d62d631e59d39b5b054f89311475 | treesnapshot (tar.gz zip) |
| parent | d905dbddf8d2655e6c91752b750cbe9c15837ee5 | commitdiff |
CVE-2022-3592 smbd: Slightly simplify filename_convert_dirfsp()
subdir_of() calculates the share-relative rest for us, don't do the
strlen(connectpath) calculation twice. subdir_of() also checks that
the target properly ends on a directory. With just strncmp a symlink
to x->/aa/etc would qualify as in share /a, so a "get x/passwd" leads to a
pretty unfortunate result. This is the proper fix for bug 15207, so we
need to change the expected error code to OBJECT_PATH_NOT_FOUND
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15207
Signed-off-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jule Anger <janger@samba.org>
Autobuild-Date(master): Tue Oct 25 11:27:02 UTC 2022 on sn-devel-184
subdir_of() calculates the share-relative rest for us, don't do the
strlen(connectpath) calculation twice. subdir_of() also checks that
the target properly ends on a directory. With just strncmp a symlink
to x->/aa/etc would qualify as in share /a, so a "get x/passwd" leads to a
pretty unfortunate result. This is the proper fix for bug 15207, so we
need to change the expected error code to OBJECT_PATH_NOT_FOUND
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15207
Signed-off-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jule Anger <janger@samba.org>
Autobuild-Date(master): Tue Oct 25 11:27:02 UTC 2022 on sn-devel-184
| source3/script/tests/test_symlink_traversal_smb2.sh | diffblobblamehistory | |
| source3/smbd/filename.c | diffblobblamehistory |