samba36: CVE-2017-7494: rpc_server3: Refuse to open pipe names with /…

… inside Ref.: https://bugzilla.samba.org/show_bug.cgi?id=12780 Backport from Lede.
RMerl · May 25, 2017 · 9da88d2 · 9da88d2
1 parent c0642b4
commit 9da88d2
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/release/src/router/samba36/source3/rpc_server/srv_pipe.c b/release/src/router/samba36/source3/rpc_server/srv_pipe.c
@@ -481,6 +481,11 @@ bool is_known_pipename(const char *cli_filename, struct ndr_syntax_id *syntax)
 		pipename += 1;
 	}
 
+	if (strchr(pipename, '/')) {
+		DEBUG(1, ("Refusing open on pipe %s\n", pipename));
+		return false;
+	}
+
 	if (lp_disable_spoolss() && strequal(pipename, "spoolss")) {
 		DEBUG(10, ("refusing spoolss access\n"));
 		return false;