CVE-2017-7494: rpc_server3: Refuse to open pipe names with / inside

author Volker Lendecke <vl@samba.org>

Mon, 8 May 2017 19:40:40 +0000 (21:40 +0200)

committer Karolin Seeger <kseeger@samba.org>

Fri, 19 May 2017 08:24:25 +0000 (10:24 +0200)
author Volker Lendecke <vl@samba.org>
Mon, 8 May 2017 19:40:40 +0000 (21:40 +0200)
committer Karolin Seeger <kseeger@samba.org>
Fri, 19 May 2017 08:24:25 +0000 (10:24 +0200)
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c

index bcd7e5db6c29887331dae0983399d02f7ef3b5fb..40d60a76ed27ace8105f1967b6fbb463482307a4 100644 (file)
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -476,6 +476,11 @@ bool is_known_pipename(const char *pipename, struct ndr_syntax_id *syntax)
  {
         NTSTATUS status;
  
+       if (strchr(pipename, '/')) {
+               DEBUG(1, ("Refusing open on pipe %s\n", pipename));
+               return false;
+       }
+
         if (lp_disable_spoolss() && strequal(pipename, "spoolss")) {
                 DEBUG(10, ("refusing spoolss access\n"));
                 return false;
author	Volker Lendecke <vl@samba.org>
	Mon, 8 May 2017 19:40:40 +0000 (21:40 +0200)
committer	Karolin Seeger <kseeger@samba.org>
	Fri, 19 May 2017 08:24:25 +0000 (10:24 +0200)