From 22225e412b4feac1654845dee93cdc140a8567f8 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Mon, 28 Sep 2009 13:52:57 +0200
Subject: Fix for CVE-2009-2813.

===========================================================
== Subject:     Misconfigured /etc/passwd file may share folders unexpectedly
==
== CVE ID#:     CVE-2009-2813
==
== Versions:    All versions of Samba later than 3.0.11
==
== Summary:     If a user in /etc/passwd is misconfigured to have
==              an empty home directory then connecting to the home
==              share of this user will use the root of the filesystem
==              as the home directory.
===========================================================
(cherry picked from commit 6fd272875d27c6974a194d0cb2cde39a98ca4af2)
---
 source/param/loadparm.c | 7 ++++++-
 source/smbd/service.c   | 6 +++++-
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/source/param/loadparm.c b/source/param/loadparm.c
index 4556d0b18d7..6df94e160f4 100644
--- a/source/param/loadparm.c
+++ b/source/param/loadparm.c
@@ -5827,6 +5827,11 @@ bool lp_add_home(const char *pszHomename, int iDefaultService,
 {
 	int i;
 
+	if (pszHomename == NULL || user == NULL || pszHomedir == NULL ||
+			pszHomedir[0] == '\0') {
+		return false;
+	}
+
 	i = add_a_service(ServicePtrs[iDefaultService], pszHomename);
 
 	if (i < 0)
@@ -7777,7 +7782,7 @@ static void lp_add_auto_services(char *str)
 
 		home = get_user_home_dir(talloc_tos(), p);
 
-		if (home && homes >= 0)
+		if (home && home[0] && homes >= 0)
 			lp_add_home(p, homes, p, home);
 
 		TALLOC_FREE(home);
diff --git a/source/smbd/service.c b/source/smbd/service.c
index 1c8ffbd627d..5d9b9dfaa3e 100644
--- a/source/smbd/service.c
+++ b/source/smbd/service.c
@@ -55,6 +55,10 @@ bool set_conn_connectpath(connection_struct *conn, const char *connectpath)
 	const char *s = connectpath;
         bool start_of_name_component = true;
 
+	if (connectpath == NULL || connectpath[0] == '\0') {
+		return false;
+	}
+
 	destname = SMB_STRDUP(connectpath);
 	if (!destname) {
 		return false;
@@ -327,7 +331,7 @@ int add_home_service(const char *service, const char *username, const char *home
 {
 	int iHomeService;
 
-	if (!service || !homedir)
+	if (!service || !homedir || homedir[0] == '\0')
 		return -1;
 
 	if ((iHomeService = lp_servicenumber(HOMES_NAME)) < 0) {
-- 
cgit