Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
CVE-2023-4091: smbd: use open_access_mask for access check in open_fi…
…le() If the client requested FILE_OVERWRITE[_IF], we're implicitly adding FILE_WRITE_DATA to the open_access_mask in open_file_ntcreate(), but for the access check we're using access_mask which doesn't contain the additional right, which means we can end up truncating a file for which the user has only read-only access via an SD. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15439 Signed-off-by: Ralph Boehme <slow@samba.org>
- Loading branch information