[PATCH] s3/smbd: use stat from smb_fname if valid in refuse_symlink()

Ralph Böhme slow at samba.org
Sun Sep 11 11:09:43 UTC 2016


Hi!

I think we can safely save one stat call in refuse_symlink(). Please
review carefully & push if ok.

refuse_symlink() was added as part of CVE-2015-7560, bug 11648 in
commit b551cd83ef74340adaf88629a9ee9fa5c5215ec6 taking a char *path
and an fsp, so obviously a stat optimisation could only be done for
the case a valid fsp was passed.

A later change in 13dae2b46ed9a53b7eeed4ce125478b5bbb3e2b5 changed the
function signature to take a struct smb_filename * instead of a char *.

Cheerio!
-slow
-------------- next part --------------
From c89adbdffc4676465678a8d1160c50a2a6dadbe8 Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow at samba.org>
Date: Sat, 10 Sep 2016 14:43:07 +0200
Subject: [PATCH] s3/smbd: use stat from smb_fname if valid in refuse_symlink()

Now that refuse_symlink() gets passed in a smb_fname and not just a char
buffer, we can try to reuse its stat info and save one stat call here.

Signed-off-by: Ralph Boehme <slow at samba.org>
---
 source3/smbd/trans2.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index 1775316..20a1fb8 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -55,7 +55,7 @@ static char *store_file_unix_basic_info2(connection_struct *conn,
 				const SMB_STRUCT_STAT *psbuf);
 
 /****************************************************************************
- Check if an open file handle or pathname is a symlink.
+ Check if an open file handle or smb_fname is a symlink.
 ****************************************************************************/
 
 static NTSTATUS refuse_symlink(connection_struct *conn,
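Review bot: the updated header comment for refuse_symlink() only swaps "pathname" for "smb_fname" and does not document the new behaviour. Since the function now reuses the stat already stored in the smb_fname when it is valid, the comment should say so and state what callers must guarantee about that stat, in particular that it was filled without following a final symlink, because the S_ISLNK() test further down depends on it.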
@@ -68,6 +68,10 @@ static NTSTATUS refuse_symlink(connection_struct *conn,
 	if (fsp) {
 		pst = &fsp->fsp_name->st;
 	} else {
+		pst = &smb_fname->st;
+	}
+
+	if (!VALID_STAT(*pst)) {
 		int ret = vfs_stat_smb_basename(conn,
 				smb_fname,
 				&sbuf);
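Review bot: the new `if (!VALID_STAT(*pst))` test only tells us the cached stat was filled, not how or when. If any caller filled smb_fname->st with a link-following stat, st_ex_mode describes the target and the S_ISLNK() check can never fire. Please confirm that every caller populates it without following the final symlink, or keep the fresh vfs_stat_smb_basename() call on this path, given that the function exists as part of the CVE-2015-7560 fix. Second point: the fallback now also covers the fsp branch, so when `fsp->fsp_name->st` is not valid the code stats smb_fname instead, which the commit message does not mention. Is smb_fname guaranteed to be non-NULL and to name the same object whenever an fsp is passed?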
@@ -76,6 +80,7 @@ static NTSTATUS refuse_symlink(connection_struct *conn,
 		}
 		pst = &sbuf;
 	}
+
 	if (S_ISLNK(pst->st_ex_mode)) {
 		return NT_STATUS_ACCESS_DENIED;
 	}
-- 
2.7.4


