diff options
Diffstat (limited to 'meta-oe/recipes-connectivity/samba/samba/samba-3.6.19-CVE-2013-4475.patch')
-rw-r--r-- | meta-oe/recipes-connectivity/samba/samba/samba-3.6.19-CVE-2013-4475.patch | 102 |
1 files changed, 0 insertions, 102 deletions
diff --git a/meta-oe/recipes-connectivity/samba/samba/samba-3.6.19-CVE-2013-4475.patch b/meta-oe/recipes-connectivity/samba/samba/samba-3.6.19-CVE-2013-4475.patch deleted file mode 100644 index a435c08b5f..0000000000 --- a/meta-oe/recipes-connectivity/samba/samba/samba-3.6.19-CVE-2013-4475.patch +++ /dev/null @@ -1,102 +0,0 @@ -Upstream-Status: Backport - -From 928910f01f951657ea4629a6d573ac00646d16f8 Mon Sep 17 00:00:00 2001 -From: Jeremy Allison <jra@samba.org> -Date: Thu, 31 Oct 2013 13:48:42 -0700 -Subject: [PATCH] Fix bug #10229 - No access check verification on stream - files. - -https://bugzilla.samba.org/show_bug.cgi?id=10229 - -We need to check if the requested access mask -could be used to open the underlying file (if -it existed), as we're passing in zero for the -access mask to the base filename. - -Signed-off-by: Jeremy Allison <jra@samba.org> ---- - source3/smbd/open.c | 61 +++++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 61 insertions(+) - -diff --git a/source3/smbd/open.c b/source3/smbd/open.c -index 447de80..441b8cd 100644 ---- a/source3/smbd/open.c -+++ b/source3/smbd/open.c -@@ -152,6 +152,48 @@ NTSTATUS smbd_check_open_rights(struct connection_struct *conn, - } - - /**************************************************************************** -+ Ensure when opening a base file for a stream open that we have permissions -+ to do so given the access mask on the base file. -+****************************************************************************/ -+ -+static NTSTATUS check_base_file_access(struct connection_struct *conn, -+ struct smb_filename *smb_fname, -+ uint32_t access_mask) -+{ -+ uint32_t access_granted = 0; -+ NTSTATUS status; -+ -+ status = smbd_calculate_access_mask(conn, smb_fname, -+ false, -+ access_mask, -+ &access_mask); -+ if (!NT_STATUS_IS_OK(status)) { -+ DEBUG(10, ("smbd_calculate_access_mask " -+ "on file %s returned %s\n", -+ smb_fname_str_dbg(smb_fname), -+ nt_errstr(status))); -+ return status; -+ } -+ -+ if (access_mask & (FILE_WRITE_DATA|FILE_APPEND_DATA)) { -+ uint32_t dosattrs; -+ if (!CAN_WRITE(conn)) { -+ return NT_STATUS_ACCESS_DENIED; -+ } -+ dosattrs = dos_mode(conn, smb_fname); -+ if (IS_DOS_READONLY(dosattrs)) { -+ return NT_STATUS_ACCESS_DENIED; -+ } -+ } -+ -+ -+ return smbd_check_open_rights(conn, -+ smb_fname, -+ access_mask, -+ &access_granted); -+} -+ -+/**************************************************************************** - fd support routines - attempt to do a dos_open. - ****************************************************************************/ - -@@ -3227,6 +3269,25 @@ static NTSTATUS create_file_unixpath(connection_struct *conn, - if (SMB_VFS_STAT(conn, smb_fname_base) == -1) { - DEBUG(10, ("Unable to stat stream: %s\n", - smb_fname_str_dbg(smb_fname_base))); -+ } else { -+ /* -+ * https://bugzilla.samba.org/show_bug.cgi?id=10229 -+ * We need to check if the requested access mask -+ * could be used to open the underlying file (if -+ * it existed), as we're passing in zero for the -+ * access mask to the base filename. -+ */ -+ status = check_base_file_access(conn, -+ smb_fname_base, -+ access_mask); -+ -+ if (!NT_STATUS_IS_OK(status)) { -+ DEBUG(10, ("Permission check " -+ "for base %s failed: " -+ "%s\n", smb_fname->base_name, -+ nt_errstr(status))); -+ goto fail; -+ } - } - - /* Open the base file. */ --- -1.8.4.1 - |