The Samba-Bugzilla – Attachment 14931 Details for
Bug 13834
CVE-2019-3870 [SECURITY] pysmbd: missing restoration of original umask after umask(0)
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
Unit-style smbd test
smbd-test-patch.txt (text/plain), 4.76 KB, created by
Tim Beale
on 2019-03-15 03:06:32 UTC
(
hide
)
Description:
Unit-style smbd test
Filename:
MIME Type:
Creator:
Tim Beale
Created:
2019-03-15 03:06:32 UTC
Size:
4.76 KB
patch
obsolete
>From 65d9523c97a06c6499519940400c6b6cbdf9c3a2 Mon Sep 17 00:00:00 2001 >From: Tim Beale <timbeale@catalyst.net.nz> >Date: Fri, 15 Mar 2019 15:20:21 +1300 >Subject: [PATCH] tests: Extend smbd tests to check for umask being overwritten > >The smbd changes the umask - if the code fails to restore the umask to >what it was, then this is very bad. Add an extra check to every >smbd-related test that the umask at the end of the test is the same as >what it was at the beginning (i.e. if the smbd code changed the umask >then it correctly restored the value afterwards). > >As the selftest sets the umask for all tests to zero, it makes it hard >to detect this problem, so the test setUp() needs to set it to something >else first. > >This extra checking is added to the setUp()/tearDown() so that it >applies to all test-cases. However, any failure that occur with this >approach will not be able to be known-failed. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834 > >Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> >--- > python/samba/tests/ntacls_backup.py | 5 ++-- > python/samba/tests/posixacl.py | 4 ++-- > python/samba/tests/smbd_base.py | 48 +++++++++++++++++++++++++++++++++++++ > 3 files changed, 53 insertions(+), 4 deletions(-) > create mode 100644 python/samba/tests/smbd_base.py > >diff --git a/python/samba/tests/ntacls_backup.py b/python/samba/tests/ntacls_backup.py >index 03ee821..b6689dc 100644 >--- a/python/samba/tests/ntacls_backup.py >+++ b/python/samba/tests/ntacls_backup.py >@@ -26,10 +26,11 @@ from samba import ntacls > > from samba.auth import system_session > from samba.dcerpc import security >-from samba.tests import TestCaseInTempDir, env_loadparm >+from samba.tests import env_loadparm >+from samba.tests.smbd_base import SmbdBaseTests > > >-class NtaclsBackupRestoreTests(TestCaseInTempDir): >+class NtaclsBackupRestoreTests(SmbdBaseTests): > """ > Tests for NTACLs backup and restore. > """ >diff --git a/python/samba/tests/posixacl.py b/python/samba/tests/posixacl.py >index a758df9..b52289e 100644 >--- a/python/samba/tests/posixacl.py >+++ b/python/samba/tests/posixacl.py >@@ -20,7 +20,7 @@ > > from samba.ntacls import setntacl, getntacl, checkset_backend > from samba.dcerpc import security, smb_acl, idmap >-from samba.tests import TestCaseInTempDir >+from samba.tests.smbd_base import SmbdBaseTests > from samba import provision > import os > from samba.samba3 import smbd, passdb >@@ -32,7 +32,7 @@ DOM_SID = "S-1-5-21-2212615479-2695158682-2101375467" > ACL = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)" > > >-class PosixAclMappingTests(TestCaseInTempDir): >+class PosixAclMappingTests(SmbdBaseTests): > > def setUp(self): > super(PosixAclMappingTests, self).setUp() >diff --git a/python/samba/tests/smbd_base.py b/python/samba/tests/smbd_base.py >new file mode 100644 >index 0000000..4e5c364 >--- /dev/null >+++ b/python/samba/tests/smbd_base.py >@@ -0,0 +1,48 @@ >+# Unix SMB/CIFS implementation. Common code for smbd python bindings tests >+# Copyright (C) Catalyst.Net Ltd 2019 >+# >+# This program is free software; you can redistribute it and/or modify >+# it under the terms of the GNU General Public License as published by >+# the Free Software Foundation; either version 3 of the License, or >+# (at your option) any later version. >+# >+# This program is distributed in the hope that it will be useful, >+# but WITHOUT ANY WARRANTY; without even the implied warranty of >+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >+# GNU General Public License for more details. >+# >+# You should have received a copy of the GNU General Public License >+# along with this program. If not, see <http://www.gnu.org/licenses/>. >+# >+from samba.tests import TestCaseInTempDir >+import os >+ >+TEST_UMASK = 0o022 >+ >+class SmbdBaseTests(TestCaseInTempDir): >+ >+ def get_umask(self): >+ # we can only get the umask by setting it to something >+ curr_umask = os.umask(0) >+ # restore the old setting >+ os.umask(curr_umask) >+ return curr_umask >+ >+ def setUp(self): >+ super(SmbdBaseTests, self).setUp() >+ self.orig_umask = self.get_umask() >+ >+ # set an arbitrary umask - the underlying smbd code should override >+ # this, but it allows us to check if umask is left unset >+ os.umask(TEST_UMASK) >+ >+ def tearDown(self): >+ # the current umask should be what we set it to earlier - if it's not, >+ # it indicates the code has changed it and not restored it >+ self.assertEqual(self.get_umask(), TEST_UMASK, >+ "umask unexpectedly overridden by test") >+ >+ # restore the original umask value (before we interferred with it) >+ os.umask(self.orig_umask) >+ >+ super(SmbdBaseTests, self).tearDown() >-- >2.7.4 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=14931">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 13834
:
14923
|
14928
|
14929
|
14930
|
14931
|
14932
|
14968
|
14985
|
14986
|
14987
|
14988
|
14989
|
14990
|
14995
|
15018
|
15029