[FAILING TEST] The no symlink follow test for CVE-2017-2619 is failing sometimes
Jeremy Allison
jra at samba.org
Fri Apr 28 16:11:25 UTC 2017
On Fri, Apr 28, 2017 at 11:48:47AM +0200, Andreas Schneider wrote:
> Hi Jeremy,
>
> the test samba3.blackbox.smbclient_s3.sign (nt4_dc).follow symlinks =
> no(nt4_dc) sometimes fails for me, and I think we also saw it in autobuild
> failing too. The failure looks like that:
>
> NT_STATUS_FILE_IS_A_DIRECTORY opening remote file \test\foo\bar\testfile
>
> ls -la /home/asn/workspace/projects/samba/st/ad_member/share/nosymlinks/test/
> foo/bar/
> total 4
> drwxrwxrwx 2 asn asn-group 22 Apr 28 11:42 .
> drwxrwxrwx 3 asn asn-group 17 Apr 28 11:42 ..
> -rw-rw-rw- 1 asn asn-group 87 Apr 28 11:42 testfile
>
> Domain=[SAMBADOMAIN] OS=[] Server=[]
> smb: \> cd test\foo\bar
> smb: \test\foo\bar\> ls
> . D 0 Fri Apr 28 11:42:55 2017
> .. D 0 Fri Apr 28 11:42:55 2017
> testfile D 0 Fri Apr 28 11:42:55 2017
>
> 976281660 blocks of size 1024. 525524304 blocks available
> smb: \test\foo\bar\> get testfile -
> NT_STATUS_FILE_IS_A_DIRECTORY opening remote file \test\foo\bar\testfile
> smb: \test\foo\bar\> quit
> failed - NT_STATUS_XXXX doing cd foo\bar; get testfile on \nosymlinks
>
> As you can see, 'ls' tells us 'testfile' is a directory, but it isn't as you
> can see from the local 'ls -la' command. The question is why does it report a
> file as directory?
This might happen if xattrs storing the DOS modes are being stored
in a tdb, and a dev/ino pair got re-used without the old entry being
cleared out.
An xattr read for dos attributes might then return the wrong values.
That's my current best guess. Can we work on this together next week
at SambaXP - that way you can make it my problem in person :-) ?
More information about the samba-technical
mailing list