package/network/services/samba36/patches/028-CVE-2017-7494-v3-6.patch

   1 From d2bc9f3afe23ee04d237ae9f4511fbe59a27ff54 Mon Sep 17 00:00:00 2001
   2 From: Volker Lendecke <vl@samba.org>
   3 Date: Mon, 8 May 2017 21:40:40 +0200
   4 Subject: [PATCH] CVE-2017-7494: rpc_server3: Refuse to open pipe names with /
   5  inside
   6
   7 Bug: https://bugzilla.samba.org/show_bug.cgi?id=12780
   8
   9 Signed-off-by: Volker Lendecke <vl@samba.org>
  10 Reviewed-by: Jeremy Allison <jra@samba.org>
  11 Reviewed-by: Stefan Metzmacher <metze@samba.org>
  12 ---
  13  source3/rpc_server/srv_pipe.c | 5 +++++
  14  1 file changed, 5 insertions(+)
  15
  16 --- a/source3/rpc_server/srv_pipe.c
  17 +++ b/source3/rpc_server/srv_pipe.c
  18 @@ -473,6 +473,11 @@ bool is_known_pipename(const char *cli_f
  19                 pipename += 1;
  20         }
  21
  22 +       if (strchr(pipename, '/')) {
  23 +               DEBUG(1, ("Refusing open on pipe %s\n", pipename));
  24 +               return false;
  25 +       }
  26 +
  27         if (lp_disable_spoolss() && strequal(pipename, "spoolss")) {
  28                 DEBUG(10, ("refusing spoolss access\n"));
  29                 return false;