Projects
openEuler:20.03:LTS:SP3
samba
_service:tar_scm_kernel_repo:backport-0002-CVE-...
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm_kernel_repo:backport-0002-CVE-2023-4091.patch of Package samba
From 8b26f634372f11edcbea33dfd68a3d57889dfcc5 Mon Sep 17 00:00:00 2001 From: Ralph Boehme <slow@samba.org> Date: Tue, 1 Aug 2023 13:04:36 +0200 Subject: [PATCH] CVE-2023-4091: smbd: use open_access_mask for access check in open_file() If the client requested FILE_OVERWRITE[_IF], we're implicitly adding FILE_WRITE_DATA to the open_access_mask in open_file_ntcreate(), but for the access check we're using access_mask which doesn't contain the additional right, which means we can end up truncating a file for which the user has only read-only access via an SD. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15439 Signed-off-by: Ralph Boehme <slow@samba.org> Conflict: remove the modification of selftest/knownfail.d/samba3.smb2.acls and context adapt Reference: https://github.com/samba-team/samba/commit/8b26f634372f11edcbea33dfd68a3d57889dfcc5 --- source3/smbd/open.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 951c8a9..913ca09 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -1240,7 +1240,7 @@ static NTSTATUS open_file(files_struct *fsp, status = smbd_check_access_rights(conn, smb_fname, false, - access_mask); + open_access_mask); if (!NT_STATUS_IS_OK(status)) { DEBUG(10, ("open_file: " @@ -1381,7 +1381,7 @@ static NTSTATUS open_file(files_struct *fsp, status = smbd_check_access_rights(conn, smb_fname, false, - access_mask); + open_access_mask); if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND) && (fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) && -- 2.33.0
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.