Attachment 16681 Details for Bug 14759 – git-am fix for master.

[patch] git-am fix for master.

bug-14759-master (text/plain), 3.39 KB, created by Jeremy Allison on 2021-07-15 04:43:03 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Jeremy Allison

Created: 2021-07-15 04:43:03 UTC

Size: 3.39 KB

patch

obsolete

>From b3024c7f8a0ea053e85609674804503ce8ab0420 Mon Sep 17 00:00:00 2001
>From: Jeremy Allison <jra@samba.org>
>Date: Wed, 14 Jul 2021 21:30:09 -0700
>Subject: [PATCH 1/2] s3: smbd: Allow async dosmode to cope with ".." pathnames
> where we close smb_fname->fsp to prevent meta-data leakage.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=14759
>
>Signed-off-by: Jeremy Allison <jra@samba.org>
>---
> source3/smbd/dosmode.c | 23 ++++++++++++++---------
> 1 file changed, 14 insertions(+), 9 deletions(-)
>
>diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c
>index 43c46867122..99cb8607944 100644
>--- a/source3/smbd/dosmode.c
>+++ b/source3/smbd/dosmode.c
>@@ -814,15 +814,20 @@ struct tevent_req *dos_mode_at_send(TALLOC_CTX *mem_ctx,
> 	}
> 
> 	if (smb_fname->fsp == NULL) {
>-		/*
>-		 * The pathological case where a caller does
>-		 * dos_mode_at_send() and smb_fname points at a
>-		 * symlink in POSIX context. smb_fname->fsp is NULL.
>-		 *
>-		 * FIXME ? Should we move to returning
>-		 * FILE_ATTRIBUTE_REPARSE_POINT here ?
>-		 */
>-		state->dosmode = FILE_ATTRIBUTE_NORMAL;
>+		if (ISDOTDOT(smb_fname->base_name)) {
>+			/*
>+			 * smb_fname->fsp is explicitly closed
>+			 * for ".." to prevent meta-data leakage.
>+			 */
>+			state->dosmode = FILE_ATTRIBUTE_DIRECTORY;
>+		} else {
>+			/*
>+			 * This is a symlink in POSIX context.
>+			 * FIXME ? Should we move to returning
>+			 * FILE_ATTRIBUTE_REPARSE_POINT here ?
>+			 */
>+			state->dosmode = FILE_ATTRIBUTE_NORMAL;
>+		}
> 		tevent_req_done(req);
> 		return tevent_req_post(req, ev);
> 	}
>-- 
>2.27.0
>
>
>From beeab559c41a54c3bbf0c6c1a5cf5860e33a0977 Mon Sep 17 00:00:00 2001
>From: Jeremy Allison <jra@samba.org>
>Date: Wed, 14 Jul 2021 19:11:05 -0700
>Subject: [PATCH 2/2] s3: smbd: Don't leak meta-data about the containing
> directory of the share root.
>
>This is a subtle one. In smbd_dirptr_get_entry() we now
>open a pathref fsp on all entries - including "..".
>
>If we're at the root of the share we don't want
>a handle to the directory above it, so silently
>close the smb_fname->fsp for ".." names to prevent
>it from being used to return meta-data to the client
>(more than we already have done historically by
>calling pathname functions on "..").
>
>The marshalling returned entries and async DOS
>code copes with smb_fname->fsp == NULL perfectly
>well.
>
>Only in master, but will need fixing for 4.15.rc1
>or 2.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=14759
>
>Signed-off-by: Jeremy Allison <jra@samba.org>
>---
> source3/smbd/dir.c | 25 +++++++++++++++++++++++++
> 1 file changed, 25 insertions(+)
>
>diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
>index 127e4b0d08d..4c807c3f85c 100644
>--- a/source3/smbd/dir.c
>+++ b/source3/smbd/dir.c
>@@ -946,6 +946,31 @@ bool smbd_dirptr_get_entry(TALLOC_CTX *ctx,
> 			continue;
> 		}
> 
>+		/*
>+		 * Don't leak metadata about the containing
>+		 * directory of the share.
>+		 */
>+		if (dirptr_path_is_dot && ISDOTDOT(dname)) {
>+			/*
>+			 * Making a copy here, then freeing
>+			 * the original will close the smb_fname->fsp.
>+			 */
>+			struct smb_filename *tmp_smb_fname =
>+				cp_smb_filename(ctx, smb_fname);
>+
>+			if (tmp_smb_fname == NULL) {
>+				TALLOC_FREE(atname);
>+				TALLOC_FREE(smb_fname);
>+				TALLOC_FREE(dname);
>+				TALLOC_FREE(fname);
>+				return false;
>+			}
>+			TALLOC_FREE(smb_fname);
>+			smb_fname = tmp_smb_fname;
>+			mode = FILE_ATTRIBUTE_DIRECTORY;
>+			get_dosmode = false;
>+		}
>+
> 		ok = mode_fn(ctx,
> 			     private_data,
> 			     dirptr->dir_hnd->fsp,
>-- 
>2.27.0
>

Flags:

slow: review+

Actions: View

Attachments on bug 14759: 16681 | 16709