[PATCH] s3/smbd: use stat from smb_fname if valid in refuse_symlink()
Ralph Böhme
slow at samba.org
Sun Sep 11 11:09:43 UTC 2016
Hi!
I think we can safely save one stat call in refuse_symlink(). Please
review carefully & push if ok.
refuse_symlink() was added as part of CVE-2015-7560, bug 11648 in
commit b551cd83ef74340adaf88629a9ee9fa5c5215ec6 taking a char *path
and an fsp, so obviously a stat optimisation could only be done for
the case a valid fsp was passed.
A later change in 13dae2b46ed9a53b7eeed4ce125478b5bbb3e2b5 changed the
function signature to take a struct smb_filename * instead of a char *.
Cheerio!
-slow
-------------- next part --------------
From c89adbdffc4676465678a8d1160c50a2a6dadbe8 Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow at samba.org>
Date: Sat, 10 Sep 2016 14:43:07 +0200
Subject: [PATCH] s3/smbd: use stat from smb_fname if valid in refuse_symlink()
Now that refuse_symlink() gets passed in a smb_fname and not just a char
buffer, we can try to reuse its stat info and save one stat call here.
Signed-off-by: Ralph Boehme <slow at samba.org>
---
source3/smbd/trans2.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index 1775316..20a1fb8 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -55,7 +55,7 @@ static char *store_file_unix_basic_info2(connection_struct *conn,
const SMB_STRUCT_STAT *psbuf);
/****************************************************************************
- Check if an open file handle or pathname is a symlink.
+ Check if an open file handle or smb_fname is a symlink.
****************************************************************************/
static NTSTATUS refuse_symlink(connection_struct *conn,
@@ -68,6 +68,10 @@ static NTSTATUS refuse_symlink(connection_struct *conn,
if (fsp) {
pst = &fsp->fsp_name->st;
} else {
+ pst = &smb_fname->st;
+ }
+
+ if (!VALID_STAT(*pst)) {
int ret = vfs_stat_smb_basename(conn,
smb_fname,
&sbuf);
@@ -76,6 +80,7 @@ static NTSTATUS refuse_symlink(connection_struct *conn,
}
pst = &sbuf;
}
+
if (S_ISLNK(pst->st_ex_mode)) {
return NT_STATUS_ACCESS_DENIED;
}
--
2.7.4
More information about the samba-technical
mailing list