git.samba.org
/
samba.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
| inline |
side by side
CVE-2017-7494: rpc_server3: Refuse to open pipe names with / inside
[samba.git]
/
source3
/
rpc_server
/
srv_pipe.c
diff --git
a/source3/rpc_server/srv_pipe.c
b/source3/rpc_server/srv_pipe.c
index 39f5fb49ec3c0e011a5c6ad4b7ac60bcf49af05a..f79fbe26abff1e3a2b3f3a21480196afc09d13b1 100644
(file)
--- a/
source3/rpc_server/srv_pipe.c
+++ b/
source3/rpc_server/srv_pipe.c
@@
-481,6
+481,11
@@
bool is_known_pipename(const char *pipename, struct ndr_syntax_id *syntax)
{
NTSTATUS status;
+ if (strchr(pipename, '/')) {
+ DEBUG(1, ("Refusing open on pipe %s\n", pipename));
+ return false;
+ }
+
if (lp_disable_spoolss() && strequal(pipename, "spoolss")) {
DEBUG(10, ("refusing spoolss access\n"));
return false;