From b4cd0dcbc38ae61cfb075e5f659384df889e99f7 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Thu, 11 Jul 2019 17:01:29 +0200
Subject: [PATCH 2/6] CVE-2019-10197: smbd: make sure that change_to_user_internal() always resets current_user.done_chdir

We should not leave current_user.done_chdir as true if we didn't call chdir_current_service() with success. This caused problems in when calling vfs_ChDir() in pop_conn_ctx() when chdir_current_service() worked once on one share but later failed on another share.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14035

Signed-off-by: Stefan Metzmacher
Reviewed-by: Ralph Boehme
---
 source3/smbd/uid.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index ce8e8d92131c..77a81f602988 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -427,6 +427,7 @@ static bool change_to_user_internal(connection_struct *conn,
 current_user.conn = conn;
 current_user.vuid = vuid;
 current_user.need_chdir = conn->tcon_done;
+ current_user.done_chdir = false;
 if (current_user.need_chdir) {
 ok = chdir_current_service(conn);
-- 
2.17.1
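Review bot: The added `current_user.done_chdir = false;` has no comment, and nothing at this point in change_to_user_internal() shows why the reset is needed, so a later cleanup could drop it as redundant. Per the commit message, a true value left over from a successful chdir_current_service() on one share is what caused trouble when pop_conn_ctx() called vfs_ChDir() after the chdir failed on another share. A short comment above the line would record that, for example `/* Must stay false unless chdir_current_service() succeeds below; a stale true from another share misleads pop_conn_ctx(). */`. The function body continues outside the hunk, so the failure path after `ok = chdir_current_service(conn);` and the place where done_chdir is set to true cannot be checked here; presumably it is set only after a successful chdir, which is worth confirming.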