Bug 12536 - smbd doesn't check for invalid bits in access_mask
Summary: smbd doesn't check for invalid bits in access_mask
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services (show other bugs)
Version: unspecified
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-01-23 16:54 UTC by Ralph Böhme
Modified: 2017-02-17 10:50 UTC (History)
2 users (show)

See Also:


Attachments
Patch for 4.4, 4.5 and 4.6 cherry-picked from master (4.45 KB, patch)
2017-02-15 17:46 UTC, Ralph Böhme
jra: review+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Ralph Böhme 2017-01-23 16:54:15 UTC
The torture test base.createx_access, in autobuild currently not run against smbd but only against s4 ntvfs, indicates what we're missing a check for invalid bits in the access_mask from the client.

Patch to follow...
Comment 1 Ralph Böhme 2017-02-15 17:22:16 UTC
(In reply to Ralph Böhme from comment #0)
This comment is not quite correct, as the test is run against and fails the ad_dc env which of course uses smbd, not s4 ntvfs....
Comment 2 Ralph Böhme 2017-02-15 17:29:37 UTC
(In reply to Ralph Böhme from comment #1)
Sorry, it has been a long day, but this was again...wrong. :/ Let's try to say it differently: smbd was missing a check present in s4 ntvfs. The existing test was only run against s4 ntvfs so the missing check in smbd went unnoticed.

The patchset adds the check to smbd and runs the existing test against ad_dc as well.
Comment 3 Ralph Böhme 2017-02-15 17:46:17 UTC
Created attachment 12943 [details]
Patch for 4.4, 4.5 and 4.6 cherry-picked from master
Comment 4 Jeremy Allison 2017-02-15 19:22:34 UTC
Comment on attachment 12943 [details]
Patch for 4.4, 4.5 and 4.6 cherry-picked from master

LGTM.
Comment 5 Jeremy Allison 2017-02-15 19:22:58 UTC
Re-assigning to Karolin for inclusion in 4.6.next, 4.5.next, 4.4.next.
Comment 6 Karolin Seeger 2017-02-17 10:50:01 UTC
(In reply to Jeremy Allison from comment #5)
Pushed to autobuild-v4-{6,5,4}-test.
Comment 7 Karolin Seeger 2017-02-17 10:50:53 UTC
(In reply to Karolin Seeger from comment #6)
Pushed to all branches.
Closing out bug report.

Thanks!