37 lines
1.2 KiB
Diff
37 lines
1.2 KiB
Diff
From b4cd0dcbc38ae61cfb075e5f659384df889e99f7 Mon Sep 17 00:00:00 2001
|
|
From: Stefan Metzmacher <metze@samba.org>
|
|
Date: Thu, 11 Jul 2019 17:01:29 +0200
|
|
Subject: [PATCH 2/6] CVE-2019-10197: smbd: make sure that
|
|
change_to_user_internal() always resets current_user.done_chdir
|
|
|
|
We should not leave current_user.done_chdir as true if we didn't call
|
|
chdir_current_service() with success.
|
|
|
|
This caused problems in when calling vfs_ChDir() in pop_conn_ctx() when
|
|
chdir_current_service() worked once on one share but later failed on another
|
|
share.
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14035
|
|
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Reviewed-by: Ralph Boehme <slow@samba.org>
|
|
---
|
|
source3/smbd/uid.c | 1 +
|
|
1 file changed, 1 insertion(+)
|
|
|
|
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
|
|
index ce8e8d92131c..77a81f602988 100644
|
|
--- a/source3/smbd/uid.c
|
|
+++ b/source3/smbd/uid.c
|
|
@@ -427,6 +427,7 @@ static bool change_to_user_internal(connection_struct *conn,
|
|
current_user.conn = conn;
|
|
current_user.vuid = vuid;
|
|
current_user.need_chdir = conn->tcon_done;
|
|
+ current_user.done_chdir = false;
|
|
|
|
if (current_user.need_chdir) {
|
|
ok = chdir_current_service(conn);
|
|
--
|
|
2.17.1
|
|
|