Skip to content

Instantly share code, notes, and snippets.

@moisseev

moisseev/patch-source3_modules_vfs__shadow__copy2.c

Last active May 16, 2017 13:31
Show Gist options
  • Save moisseev/79fd40b876330a71e5657d3f509e86b6 to your computer and use it in GitHub Desktop.
Save moisseev/79fd40b876330a71e5657d3f509e86b6 to your computer and use it in GitHub Desktop.
Download ZIP
[partial fix] CVE-2015-5299 denies access to ZFS snapshots due to overly strict condition checking (the patch is against Samba 4.4.13)
Raw
patch-source3_modules_vfs__shadow__copy2.c
--- source3/modules/vfs_shadow_copy2.c.orig 2017-04-02 08:19:24 UTC
+++ source3/modules/vfs_shadow_copy2.c
@@ -1533,7 +1533,7 @@ static bool check_access_snapdir(struct
&smb_fname,
false,
SEC_DIR_LIST);
- if (!NT_STATUS_IS_OK(status)) {
+ if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
DEBUG(0,("user does not have list permission "
"on snapdir %s\n",
smb_fname.base_name));
@moisseev
Copy link
Author

moisseev commented Apr 16, 2016
edited

Applying the patch to FreeBSD port

# cd /usr/ports/net/samba44 && make patch
# fetch --output=/dev/stdout https://gist.githubusercontent.com/moisseev/79fd40b876330a71e5657d3f509e86b6/raw/793ed7f297940dda0e3ec0a60cd090459fdb2d3f/patch-source3_modules_vfs__shadow__copy2.c | patch -d `make -V WRKSRC`
# make

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment