From c997a4a4a40f9f8f7755e60be783de106371caec Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 10 Jun 2014 14:41:45 -0700 Subject: [PATCH 1/2] s3: smbd - SMB[2|3]. Ensure a \ or / can't be found anywhere in a search path, not just at the start. Signed-off-by: Jeremy Allison --- source3/smbd/smb2_find.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source3/smbd/smb2_find.c b/source3/smbd/smb2_find.c index 3f779b8..d66c093 100644 --- a/source3/smbd/smb2_find.c +++ b/source3/smbd/smb2_find.c @@ -252,11 +252,11 @@ static struct tevent_req *smbd_smb2_find_send(TALLOC_CTX *mem_ctx, tevent_req_nterror(req, NT_STATUS_OBJECT_NAME_INVALID); return tevent_req_post(req, ev); } - if (strcmp(in_file_name, "\\") == 0) { + if (strchr_m(in_file_name, '\\') != NULL) { tevent_req_nterror(req, NT_STATUS_OBJECT_NAME_INVALID); return tevent_req_post(req, ev); } - if (strcmp(in_file_name, "/") == 0) { + if (strchr_m(in_file_name, '/') != NULL) { tevent_req_nterror(req, NT_STATUS_OBJECT_NAME_INVALID); return tevent_req_post(req, ev); } -- 2.0.0.526.g5318336 From f5a1dde50b0328965c859c39a61b79cf88a363e7 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 10 Jun 2014 15:58:15 -0700 Subject: [PATCH 2/2] s3: smbd : SMB2 - fix SMB2_SEARCH when searching non wildcard string with a case-canonicalized share. We need to go through filename_convert() in order for the filename canonicalization to be done on a non-wildcard search string (as is done in the SMB1 findfirst code path). Fixes Bug #10650 - "case sensitive = True" option doesn't work with "max protocol = SMB2" or higher in large directories. https://bugzilla.samba.org/show_bug.cgi?id=10650 Signed-off-by: Jeremy Allison --- source3/smbd/smb2_find.c | 37 ++++++++++++++++++++++++++++++++++--- 1 file changed, 34 insertions(+), 3 deletions(-) diff --git a/source3/smbd/smb2_find.c b/source3/smbd/smb2_find.c index d66c093..e9e0542 100644 --- a/source3/smbd/smb2_find.c +++ b/source3/smbd/smb2_find.c @@ -224,6 +224,7 @@ static struct tevent_req *smbd_smb2_find_send(TALLOC_CTX *mem_ctx, uint32_t dirtype = FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_DIRECTORY; bool dont_descend = false; bool ask_sharemode = true; + bool wcard_has_wild; struct tm tm; char *p; @@ -323,11 +324,41 @@ static struct tevent_req *smbd_smb2_find_send(TALLOC_CTX *mem_ctx, dptr_CloseDir(fsp); } - if (fsp->dptr == NULL) { - bool wcard_has_wild; + wcard_has_wild = ms_has_wild(in_file_name); - wcard_has_wild = ms_has_wild(in_file_name); + /* Ensure we've canonicalized any search path if not a wildcard. */ + if (!wcard_has_wild) { + struct smb_filename *smb_fname = NULL; + const char *fullpath; + if (ISDOT(fsp->fsp_name->base_name)) { + fullpath = in_file_name; + } else { + fullpath = talloc_asprintf(state, + "%s/%s", + fsp->fsp_name->base_name, + in_file_name); + } + if (tevent_req_nomem(fullpath, req)) { + return tevent_req_post(req, ev); + } + status = filename_convert(state, + conn, + false, /* Not a DFS path. */ + fullpath, + UCF_SAVE_LCOMP | UCF_ALWAYS_ALLOW_WCARD_LCOMP, + &wcard_has_wild, + &smb_fname); + + if (!NT_STATUS_IS_OK(status)) { + tevent_req_nterror(req, status); + return tevent_req_post(req, ev); + } + + in_file_name = smb_fname->original_lcomp; + } + + if (fsp->dptr == NULL) { status = dptr_create(conn, NULL, /* req */ fsp, -- 2.0.0.526.g5318336