The Samba-Bugzilla – Attachment 15214 Details for
Bug 13979
CVE-2021-43566 [SECURITY] mkdir race condition allows share escape in Samba 4.x
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Minor patch to address use-after free in May 31, 2019 patch from Jeremy
bug13979uaf.diff (text/plain), 615 bytes, created by
hansmi
on 2019-06-03 21:51:09 UTC
(
hide
)
Description:
Minor patch to address use-after free in May 31, 2019 patch from Jeremy
Filename:
MIME Type:
Creator:
hansmi
Created:
2019-06-03 21:51:09 UTC
Size:
615 bytes
patch
obsolete
>diff --git a/source3/smbd/open.c b/source3/smbd/open.c >index d2b03c430b0..64d40c39c37 100644 >--- a/source3/smbd/open.c >+++ b/source3/smbd/open.c >@@ -4128,12 +4128,14 @@ static NTSTATUS mkdir_internal(connection_struct *conn, > } > } > >- /* Go back to the previous $cwd. */ >- safe_pathname_end(&safe_filename_state); >- > /* Ensure returned stat is up to date. */ > smb_dname->st = smb_dname_rel->st; > >+ smb_dname_rel = NULL; >+ >+ /* Go back to the previous $cwd. */ >+ safe_pathname_end(&safe_filename_state); >+ > notify_fname(conn, NOTIFY_ACTION_ADDED, FILE_NOTIFY_CHANGE_DIR_NAME, > smb_dname->base_name); >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=15214">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 13979
:
15205
|
15212
|
15213
|
15214
|
15215
|
15217
|
16812
|
16815
|
16987
|
16988
|
17072