diff options
| author | Jeremy Allison <jra@samba.org> | 2009-10-01 10:23:29 -0700 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2009-10-01 10:23:29 -0700 |
| commit | 00ce3e143f0a3dcf93b0d6745c4df6c7ba78a32d (patch) | |
| tree | d2efc11a2fa9a3eb48ea1f7778593c717928f0b2 /source3/smbd | |
| parent | 75f90772ce14cfbb8256ac7e897741e38b758e34 (diff) | |
| download | samba-00ce3e143f0a3dcf93b0d6745c4df6c7ba78a32d.tar.gz samba-00ce3e143f0a3dcf93b0d6745c4df6c7ba78a32d.tar.bz2 samba-00ce3e143f0a3dcf93b0d6745c4df6c7ba78a32d.zip | |
Fix for CVE-2009-2813.
===========================================================
== Subject: Misconfigured /etc/passwd file may share folders unexpectedly
==
== CVE ID#: CVE-2009-2813
==
== Versions: All versions of Samba later than 3.0.11
==
== Summary: If a user in /etc/passwd is misconfigured to have
== an empty home directory then connecting to the home
== share of this user will use the root of the filesystem
== as the home directory.
===========================================================
Diffstat (limited to 'source3/smbd')
| -rw-r--r-- | source3/smbd/service.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 3520f0d411..b5946f0335 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -56,6 +56,10 @@ bool set_conn_connectpath(connection_struct *conn, const char *connectpath) const char *s = connectpath; bool start_of_name_component = true; + if (connectpath == NULL || connectpath[0] == '\0') { + return false; + } + destname = SMB_STRDUP(connectpath); if (!destname) { return false; @@ -259,7 +263,7 @@ int add_home_service(const char *service, const char *username, const char *home { int iHomeService; - if (!service || !homedir) + if (!service || !homedir || homedir[0] == '\0') return -1; if ((iHomeService = lp_servicenumber(HOMES_NAME)) < 0) { |