git.samba.org
/
sfrench
/
samba-autobuild
/
.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
59b2ef1
)
CVE-2017-7494: rpc_server3: Refuse to open pipe names with / inside
author
Volker Lendecke
<vl@samba.org>
Mon, 8 May 2017 19:40:40 +0000
(21:40 +0200)
committer
Karolin Seeger
<kseeger@samba.org>
Fri, 19 May 2017 08:24:25 +0000
(10:24 +0200)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12780
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
source3/rpc_server/srv_pipe.c
patch
|
blob
|
history
diff --git
a/source3/rpc_server/srv_pipe.c
b/source3/rpc_server/srv_pipe.c
index bcd7e5db6c29887331dae0983399d02f7ef3b5fb..40d60a76ed27ace8105f1967b6fbb463482307a4 100644
(file)
--- a/
source3/rpc_server/srv_pipe.c
+++ b/
source3/rpc_server/srv_pipe.c
@@
-476,6
+476,11
@@
bool is_known_pipename(const char *pipename, struct ndr_syntax_id *syntax)
{
NTSTATUS status;
+ if (strchr(pipename, '/')) {
+ DEBUG(1, ("Refusing open on pipe %s\n", pipename));
+ return false;
+ }
+
if (lp_disable_spoolss() && strequal(pipename, "spoolss")) {
DEBUG(10, ("refusing spoolss access\n"));
return false;