[Pkg-samba-maint] [samba] 01/17: s3: smbd: Fix incorrect logic exposed by fix for the security bug 12496 (CVE-2017-2619).

[Mathieu Parent]

This is an automated email from the git hooks/post-receive script.

sathieu pushed a commit to branch jessie
in repository samba.

commit 5bee418a09515807f307774b7965ec4d08553c2f
Author: Jeremy Allison <jra at samba.org>
Date:   Mon Mar 27 10:46:47 2017 -0700

    s3: smbd: Fix incorrect logic exposed by fix for the security bug 12496 (CVE-2017-2619).
    
    In a UNIX filesystem, the names "." and ".." by definition can *never*
    be symlinks - they are already reserved names.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12721
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Uri Simchoni <uri at samba.org>
    (cherry picked from commit ae17bebd250bdde5614b2ac17e53512f19fe9b68)
---
 source3/smbd/vfs.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c
index 4d66012..f084b1d 100644
--- a/source3/smbd/vfs.c
+++ b/source3/smbd/vfs.c
@@ -1291,8 +1291,11 @@ NTSTATUS check_reduced_name(connection_struct *conn, const char *fname)
 			/* fname can't have changed in resolved_path. */
 			const char *p = &resolved_name[rootdir_len];
 
-			/* *p can be '\0' if fname was "." */
-			if (*p == '\0' && ISDOT(fname)) {
+			/*
+			 * UNIX filesystem semantics, names consisting
+			 * only of "." or ".." CANNOT be symlinks.
+			 */
+			if (ISDOT(fname) || ISDOTDOT(fname)) {
 				goto out;
 			}
 

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-samba/samba.git