wok-stable view samba/stuff/CVE-2017-7494.u @ rev 12463
samba: CVE-2017-7494
| author | Pascal Bellard <pascal.bellard@slitaz.org> |
|---|---|
| date | Mon May 29 18:19:51 2017 +0200 (2017-05-29) |
| parents | |
| children |
line source
1 CVE-2017-7494: rpc_server3: Refuse to open pipe names with / inside
2 --- source3/rpc_server/srv_pipe.c
3 +++ source3/rpc_server/srv_pipe.c
4 @@ -1102,6 +1102,11 @@
5 pipename += 1;
6 }
8 + if (strchr(pipename, '/')) {
9 + DEBUG(1, ("Refusing open on pipe %s\n", pipename));
10 + return false;
11 + }
12 +
13 if (lp_disable_spoolss() && strequal(pipename, "spoolss")) {
14 DEBUG(10, ("refusing spoolss access\n"));
15 return false;