33 lines
987 B
Diff
33 lines
987 B
Diff
From c12670f75b6403aa0b7d7c02bd7af0d4f1160b9e Mon Sep 17 00:00:00 2001
|
|
From: Volker Lendecke <vl@samba.org>
|
|
Date: Mon, 8 May 2017 21:40:40 +0200
|
|
Subject: [PATCH 1/1] CVE-2017-7494: Refuse to open pipe names with / inside
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12780
|
|
|
|
Signed-off-by: Volker Lendecke <vl@samba.org>
|
|
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
---
|
|
source3/rpc_server/srv_pipe.c | 5 +++++
|
|
1 file changed, 5 insertions(+)
|
|
|
|
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
|
|
index 251f899..7126865 100644
|
|
--- source3/rpc_server/srv_pipe.c
|
|
+++ source3/rpc_server/srv_pipe.c
|
|
@@ -473,6 +473,11 @@ bool is_known_pipename(const char *cli_filename, struct ndr_syntax_id *syntax)
|
|
pipename += 1;
|
|
}
|
|
|
|
+ if (strchr(pipename, '/')) {
|
|
+ DEBUG(1,("Refusing open on pipe %s\n", pipename));
|
|
+ return false;
|
|
+ }
|
|
+
|
|
if (lp_disable_spoolss() && strequal(pipename, "spoolss")) {
|
|
DEBUG(10, ("refusing spoolss access\n"));
|
|
return false;
|
|
2.9.3
|
|
|
|
|