From e8dd34b0d3ba704deff696c1683297536a494893 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 26 Sep 1997 12:39:45 +0000 Subject: This commit fixes the security hole due to buffer overflows. The main fix is just a couple of lines long, but I have now also put precautionary checks on a large number of other places in the code where unchecked string copies were being performed. An exploit via one of these copies is unlikely, but is is better to be safe. I also added a routine to log possible exploit attempts using the code that was posted for obtaining root access on a Samba server. --- source/lib/system.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source/lib/system.c') diff --git a/source/lib/system.c b/source/lib/system.c index 447a4f88aca..df24691512f 100644 --- a/source/lib/system.c +++ b/source/lib/system.c @@ -311,8 +311,8 @@ int sys_rename(char *from, char *to) int rcode; pstring zfrom, zto; - strcpy (zfrom, dos_to_unix (from, False)); - strcpy (zto, dos_to_unix (to, False)); + pstrcpy (zfrom, dos_to_unix (from, False)); + pstrcpy (zto, dos_to_unix (to, False)); rcode = rename (zfrom, zto); if (errno == EXDEV) -- cgit From 78348cb8f8afe6454bd0e3a9f0b93b8c9c0b85b9 Mon Sep 17 00:00:00 2001 
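Review bot: In sys_rename the two `pstrcpy` calls bound the copy, but a name longer than a pstring is presumably cut short rather than rejected (pstrcpy's definition is not in this hunk), so `rename` would act on a truncated path the client never named. It would be safer to fail before the copy when either converted name does not fit, for example by setting `errno = ENAMETOOLONG` and returning -1. Separately, the context line `if (errno == EXDEV)` tests errno without looking at `rcode`, so a stale EXDEV left by an earlier call can send a successful rename into whatever follows that test; `if (rcode != 0 && errno == EXDEV)` avoids that. The body of sys_rename continues past the end of the hunk.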
From: Andrew Tridgell Date: Tue, 14 Oct 1997 09:15:58 +0000 Subject: add become_root()/unbecome_root() calls. These should be used around regions of the code that need root privilages but which normally don't have them (ie. when processing most SMBs). These functions can optionally save/restore the current working directory as well updated several places in the code that previously used unbecome_user() to achieve the same thing to now use become_root() and unbecome_root() changed close_file() to take an additional argument which says whether this is a normal SMBclose type call or a close that resulted from some other action, such as the close of a connection. If it is a abnormal close then don't use magic scripts or print files. changed sys_utime() to ignore any attempt to set the modification time to 0 or -1. We've had reports that files have had their time set to 0 so this should catch those. --- source/lib/system.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) (limited to 'source/lib/system.c') diff --git a/source/lib/system.c b/source/lib/system.c index df24691512f..b149ccb4b98 100644 --- a/source/lib/system.c +++ b/source/lib/system.c 
@@ -194,14 +194,23 @@ now for utime() ********************************************************************/ int sys_utime(char *fname,struct utimbuf *times) { - return(utime(dos_to_unix(fname,False),times)); + /* if the modtime is 0 or -1 then ignore the call and + return success */ + if (times->modtime == (time_t)0 || times->modtime == (time_t)-1) + return 0; + + /* if the access time is 0 or -1 then set it to the modtime */ + if (times->actime == (time_t)0 || times->actime == (time_t)-1) + times->actime = times->modtime; + + return(utime(dos_to_unix(fname,False),times)); } + /********************************************************* for rename across filesystems Patch from Warren Birnbaum **********************************************************/ - static int copy_reg (const char *source, const char *dest) { -- cgit
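Review bot: sys_utime now dereferences `times` unconditionally, whereas the old one-line body passed the pointer straight to `utime()`, which accepts NULL to mean "set both times to now"; any caller relying on that would now crash (no callers are visible in this hunk). A guard such as `if (!times) return utime(dos_to_unix(fname,False), NULL);` at the top keeps the old behaviour. The function also overwrites `times->actime` in the caller's struct; working on a local copy (`struct utimbuf tb = *times;`) would avoid that side effect. The early `return 0` for a modtime of 0 or -1 reports success without touching the file, so a debug log line there would help when tracing why a client's timestamp update appears to be lost.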