Bug 1495148

Summary: Samba access denied due to invalid symlink detection in open.c
Product: Red Hat Enterprise Linux 6 Reporter: Damiano Bianchi <dbianchi>
Component: sambaAssignee: Andreas Schneider <asn>
Status: CLOSED DUPLICATE QA Contact: qe-baseos-daemons
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.10CC: aheverle, asn, erinn.looneytriggs, gdeschner, jrivera, jvilicic, rocky
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-11-07 08:31:37 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Damiano Bianchi 2017-09-25 10:03:07 UTC
Description of problem:
No second level directories are presented to the client, after the upgrade to the latest patch (in particular CVE-2017-2619.patch), if the share configuration has the "follow symlinks = no" directive in place, even though there are no symlink in the real path.

Version-Release number of selected component (if applicable):

How reproducible:
Upgrade then place "follow symlinks = no" in the share configuration in smb.conf

Steps to Reproduce:

Actual results:
Client cannot browse share's subdirectories (all directories in the share seems to be empty).

Expected results:
Disabling the "follow synlinks" or downgrading samba all subdirectories are browsable again.

Additional info:
[2017/09/25 11:26:15.396479,  2] smbd/vfs.c:1047(check_reduced_name)
  check_reduced_name: Bad access attempt: . is a symlink

Comment 2 Pavel Lisy 2017-10-05 14:28:18 UTC
I can confirm this bug for samba.x86_64 0:3.6.23-45.el6_9

downgrade to previous version samba.x86_64 0:3.6.23-44.el6_9 solved it.

Comment 3 Andreas Schneider 2017-10-19 14:08:34 UTC
*** Bug 1499025 has been marked as a duplicate of this bug. ***

Comment 4 Andreas Schneider 2017-10-19 14:09:38 UTC
Pavel, you also have 'follow symlinks = no' in your smb.conf file?

Comment 6 Andreas Schneider 2017-11-07 08:31:37 UTC

*** This bug has been marked as a duplicate of bug 1509455 ***