[PATCH] s3/smbd: use stat from smb_fname if valid in refuse_symlink()
Ralph Böhme
slow at samba.org
Sun Sep 11 11:42:54 UTC 2016
On Sun, Sep 11, 2016 at 01:09:43PM +0200, Ralph Böhme wrote:
> I think we can safely save one stat call in refuse_symlink(). Please
> review carefully & push if ok.
>
> refuse_symlink() was added as part of CVE-2015-7560, bug 11648 in
> commit b551cd83ef74340adaf88629a9ee9fa5c5215ec6 taking a char *path
> and an fsp, so obviously a stat optimisation could only be done for
> the case a valid fsp was passed.
>
> A later change in 13dae2b46ed9a53b7eeed4ce125478b5bbb3e2b5 changed the
> function signature to take a struct smb_filename * instead of a char *.
it fails the POSIX-SYMLINK-EA test. :/ Glad we have it! Looking
into it.
Cheerio!
-slow
More information about the samba-technical
mailing list