diff options
author | Jeremy Allison <jra@samba.org> | 2009-09-28 13:44:12 +0200 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2009-09-28 13:44:12 +0200 |
commit | 8afa10ad7d7e81bcae27b6a913210ef8a1ee4426 (patch) | |
tree | 40db0d87b911c64bdf93b468fc11af6bc3aec08c | |
parent | ec0ee6753818d546ad5817bdb09cdd3b7c5673af (diff) | |
download | samba-8afa10ad7d7e81bcae27b6a913210ef8a1ee4426.tar.gz samba-8afa10ad7d7e81bcae27b6a913210ef8a1ee4426.tar.xz samba-8afa10ad7d7e81bcae27b6a913210ef8a1ee4426.zip |
Fix for CVE-2009-2813.
===========================================================
== Subject: Misconfigured /etc/passwd file may share folders unexpectedly
==
== CVE ID#: CVE-2009-2813
==
== Versions: All versions of Samba later than 3.0.11
==
== Summary: If a user in /etc/passwd is misconfigured to have
== an empty home directory then connecting to the home
== share of this user will use the root of the filesystem
== as the home directory.
===========================================================
-rw-r--r-- | source/param/loadparm.c | 7 | ||||
-rw-r--r-- | source/smbd/service.c | 6 |
2 files changed, 11 insertions, 2 deletions
diff --git a/source/param/loadparm.c b/source/param/loadparm.c index 3908aef5b0d..491264e2453 100644 --- a/source/param/loadparm.c +++ b/source/param/loadparm.c @@ -5875,6 +5875,11 @@ bool lp_add_home(const char *pszHomename, int iDefaultService, { int i; + if (pszHomename == NULL || user == NULL || pszHomedir == NULL || + pszHomedir[0] == '\0') { + return false; + } + i = add_a_service(ServicePtrs[iDefaultService], pszHomename); if (i < 0) @@ -7848,7 +7853,7 @@ static void lp_add_auto_services(char *str) home = get_user_home_dir(talloc_tos(), p); - if (home && homes >= 0) + if (home && home[0] && homes >= 0) lp_add_home(p, homes, p, home); TALLOC_FREE(home); diff --git a/source/smbd/service.c b/source/smbd/service.c index 4724dd7a59f..2a1ef20174c 100644 --- a/source/smbd/service.c +++ b/source/smbd/service.c @@ -55,6 +55,10 @@ bool set_conn_connectpath(connection_struct *conn, const char *connectpath) const char *s = connectpath; bool start_of_name_component = true; + if (connectpath == NULL || connectpath[0] == '\0') { + return false; + } + destname = SMB_STRDUP(connectpath); if (!destname) { return false; @@ -331,7 +335,7 @@ int add_home_service(const char *service, const char *username, const char *home { int iHomeService; - if (!service || !homedir) + if (!service || !homedir || homedir[0] == '\0') return -1; if ((iHomeService = lp_servicenumber(HOMES_NAME)) < 0) { |