1From d2bc9f3afe23ee04d237ae9f4511fbe59a27ff54 Mon Sep 17 00:00:00 2001 2From: Volker Lendecke <vl@samba.org> 3Date: Mon, 8 May 2017 21:40:40 +0200 4Subject: [PATCH] CVE-2017-7494: rpc_server3: Refuse to open pipe names with / 5 inside 6 7Bug: https://bugzilla.samba.org/show_bug.cgi?id=12780 8 9Signed-off-by: Volker Lendecke <vl@samba.org> 10Reviewed-by: Jeremy Allison <jra@samba.org> 11Reviewed-by: Stefan Metzmacher <metze@samba.org> 12--- 13 source3/rpc_server/srv_pipe.c | 5 +++++ 14 1 file changed, 5 insertions(+) 15 16--- a/source3/rpc_server/srv_pipe.c 17+++ b/source3/rpc_server/srv_pipe.c 18@@ -473,6 +473,11 @@ bool is_known_pipename(const char *cli_f 19 pipename += 1; 20 } 21 22+ if (strchr(pipename, '/')) { 23+ DEBUG(1, ("Refusing open on pipe %s\n", pipename)); 24+ return false; 25+ } 26+ 27 if (lp_disable_spoolss() && strequal(pipename, "spoolss")) { 28 DEBUG(10, ("refusing spoolss access\n")); 29 return false; 30