Commit c92ac5ad authored by Andrew Bartlett's avatar Andrew Bartlett Committed by Karolin Seeger

CVE-2019-3870 pysmbd: Ensure a zero umask is set for smbd.mkdir()

mkdir() is the other call that requires a umask of 0 in Samba.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834Signed-off-by: 's avatarAndrew Bartlett <abartlet@samba.org>
Reviewed-by: 's avatarJeremy Allison <jra@samba.org>
parent 30db4865
^samba.tests.ntacls_backup.samba.tests.ntacls_backup.NtaclsBackupRestoreTests.test_smbd_mkdir
\ No newline at end of file
......@@ -739,6 +739,8 @@ static PyObject *py_smbd_mkdir(PyObject *self, PyObject *args, PyObject *kwargs)
TALLOC_CTX *frame = talloc_stackframe();
struct connection_struct *conn = NULL;
struct smb_filename *smb_fname = NULL;
int ret;
mode_t saved_umask;
if (!PyArg_ParseTupleAndKeywords(args,
kwargs,
......@@ -769,8 +771,15 @@ static PyObject *py_smbd_mkdir(PyObject *self, PyObject *args, PyObject *kwargs)
return NULL;
}
/* we want total control over the permissions on created files,
so set our umask to 0 */
saved_umask = umask(0);
ret = SMB_VFS_MKDIR(conn, smb_fname, 00755);
if (SMB_VFS_MKDIR(conn, smb_fname, 00755) == -1) {
umask(saved_umask);
if (ret == -1) {
DBG_ERR("mkdir error=%d (%s)\n", errno, strerror(errno));
TALLOC_FREE(frame);
return NULL;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment