The Samba-Bugzilla – Attachment 14929 Details for
Bug 13834
CVE-2019-3870 [SECURITY] pysmbd: missing restoration of original umask after umask(0)
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
WIP patch for master
0001-pysmbd-Move-umask-manipuations-out-of-init_files_str.patch (text/plain), 3.83 KB, created by
Andrew Bartlett
on 2019-03-14 05:28:34 UTC
(
hide
)
Description:
WIP patch for master
Filename:
MIME Type:
Creator:
Andrew Bartlett
Created:
2019-03-14 05:28:34 UTC
Size:
3.83 KB
patch
obsolete
>From 17f0456b9ff06450bc9ee4e0d03bcb34ea39aea9 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Thu, 14 Mar 2019 18:20:06 +1300 >Subject: [PATCH] pysmbd: Move umask manipuations out of init_files_struct() > and into callers > >Umask manipulation was added to pysmbd with e146fe5ef96c1522175a8e81db15d1e8879e5652 in 2012 >and init_files_struct was split out in 747c3f1fb379bb68cc7479501b85741493c05812 in 2018 for >Samba 4.9. (It was added to assist the smbd.create_file() routine used in the backup and >restore tools, which needed to write files with full metadata). > >This in turn avoids leaving init_files_struct() without resetting the umask to >the original, saved, value. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834 > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >--- > source3/smbd/pysmbd.c | 28 +++++++++++++++++++--------- > 1 file changed, 19 insertions(+), 9 deletions(-) > >diff --git a/source3/smbd/pysmbd.c b/source3/smbd/pysmbd.c >index fd0c9fd46a7..77f1ee63602 100644 >--- a/source3/smbd/pysmbd.c >+++ b/source3/smbd/pysmbd.c >@@ -122,7 +122,6 @@ static NTSTATUS init_files_struct(TALLOC_CTX *mem_ctx, > { > struct smb_filename *smb_fname = NULL; > int ret; >- mode_t saved_umask; > struct files_struct *fsp; > > fsp = talloc_zero(mem_ctx, struct files_struct); >@@ -135,15 +134,10 @@ static NTSTATUS init_files_struct(TALLOC_CTX *mem_ctx, > } > fsp->conn = conn; > >- /* we want total control over the permissions on created files, >- so set our umask to 0 */ >- saved_umask = umask(0); >- > smb_fname = synthetic_smb_fname_split(fsp, > fname, > lp_posix_pathnames()); > if (smb_fname == NULL) { >- umask(saved_umask); > return NT_STATUS_NO_MEMORY; > } > >@@ -151,7 +145,6 @@ static NTSTATUS init_files_struct(TALLOC_CTX *mem_ctx, > fsp->fh->fd = SMB_VFS_OPEN(conn, smb_fname, fsp, flags, 00644); > if (fsp->fh->fd == -1) { > int err = errno; >- umask(saved_umask); > if (err == ENOENT) { > return NT_STATUS_OBJECT_NAME_NOT_FOUND; > } >@@ -164,7 +157,6 @@ static NTSTATUS init_files_struct(TALLOC_CTX *mem_ctx, > DEBUG(0,("Error doing fstat on open file %s (%s)\n", > smb_fname_str_dbg(smb_fname), > strerror(errno) )); >- umask(saved_umask); > return map_nt_error_from_unix(errno); > } > >@@ -191,8 +183,12 @@ static NTSTATUS set_nt_acl_conn(const char *fname, > TALLOC_CTX *frame = talloc_stackframe(); > struct files_struct *fsp = NULL; > NTSTATUS status = NT_STATUS_OK; >+ mode_t saved_umask; > >- /* first, try to open it as a file with flag O_RDWR */ >+ /* >+ * first, try to open it as a file with flag O_RDWR. No need >+ * to save the umask here, as O_CREAT is not specified >+ */ > status = init_files_struct(frame, > fname, > conn, >@@ -217,7 +213,14 @@ static NTSTATUS set_nt_acl_conn(const char *fname, > return status; > } > >+ /* we want total control over the permissions on created files, >+ so set our umask to 0 */ >+ saved_umask = umask(0); >+ > status = SMB_VFS_FSET_NT_ACL(fsp, security_info_sent, sd); >+ >+ umask(saved_umask); >+ > if (!NT_STATUS_IS_OK(status)) { > DEBUG(0,("set_nt_acl_no_snum: fset_nt_acl returned %s.\n", nt_errstr(status))); > } >@@ -849,6 +852,7 @@ static PyObject *py_smbd_create_file(PyObject *self, PyObject *args, PyObject *k > struct connection_struct *conn = NULL; > struct files_struct *fsp = NULL; > NTSTATUS status; >+ mode_t saved_umask; > > if (!PyArg_ParseTupleAndKeywords(args, > kwargs, >@@ -867,11 +871,17 @@ static PyObject *py_smbd_create_file(PyObject *self, PyObject *args, PyObject *k > return NULL; > } > >+ /* we want total control over the permissions on created files, >+ so set our umask to 0 */ >+ saved_umask = umask(0); >+ > status = init_files_struct(frame, > fname, > conn, > O_CREAT|O_EXCL|O_RDWR, > &fsp); >+ umask(saved_umask); >+ > if (!NT_STATUS_IS_OK(status)) { > DBG_ERR("init_files_struct failed: %s\n", > nt_errstr(status)); >-- >2.11.0 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=14929">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
dbagnall
:
review+
Actions:
View
Attachments on
bug 13834
:
14923
|
14928
|
14929
|
14930
|
14931
|
14932
|
14968
|
14985
|
14986
|
14987
|
14988
|
14989
|
14990
|
14995
|
15018
|
15029