The Samba-Bugzilla – Attachment 10468 Details for
Bug 10971
Fixes for vfs_streams_xattr
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
git-am fix for v4-2-test that went into master
v42_vfs_streams_xattr.patch (text/plain), 4.32 KB, created by
Ralph Böhme
on 2014-11-28 10:32:59 UTC
(
hide
)
Description:
git-am fix for v4-2-test that went into master
Filename:
MIME Type:
Creator:
Ralph Böhme
Created:
2014-11-28 10:32:59 UTC
Size:
4.32 KB
patch
obsolete
>From 73874bec85e16e7d1480b8ca3a6b807589a8aa9f Mon Sep 17 00:00:00 2001 >From: Ralph Boehme <slow@samba.org> >Date: Thu, 20 Nov 2014 16:33:22 +0100 >Subject: [PATCH 1/3] vfs_streams_xattr: fix check with > samba_private_attr_name() > >We want to check with samba_private_attr_name() whether the xattr name >is a private one, unfortunately it flags xattrs that begin with the >default streams prefix as private. By only calling >samba_private_attr_name() in case the xattr does NOT begin with the >default prefix, we know that if it returns 'true' it definitely one of >our internal xattr like "user.DOSATTRIB". > >This fixes a bug introduced in 634bcb09a08b927fd79ae0e16aeee2a123605f94 >that denied all access to valid stream xattrs. > >Backport of 1160fcfe3d97644a6bcfa9ee687fd7dfca58e812 from master. >https://bugzilla.samba.org/show_bug.cgi?id=10971 > >Signed-off-by: Ralph Boehme <slow@samba.org> >--- > source3/modules/vfs_streams_xattr.c | 21 ++++++++++++++++++--- > 1 file changed, 18 insertions(+), 3 deletions(-) > >diff --git a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c >index 735db2b..6314442 100644 >--- a/source3/modules/vfs_streams_xattr.c >+++ b/source3/modules/vfs_streams_xattr.c >@@ -687,13 +687,28 @@ static NTSTATUS walk_xattr_streams(vfs_handle_struct *handle, files_struct *fsp, > for (i=0; i<num_names; i++) { > struct ea_struct ea; > >+ /* >+ * We want to check with samba_private_attr_name() >+ * whether the xattr name is a private one, >+ * unfortunately it flags xattrs that begin with the >+ * default streams prefix as private. >+ * >+ * By only calling samba_private_attr_name() in case >+ * the xattr does NOT begin with the default prefix, >+ * we know that if it returns 'true' it definitely one >+ * of our internal xattr like "user.DOSATTRIB". >+ */ >+ if (strncasecmp_m(names[i], SAMBA_XATTR_DOSSTREAM_PREFIX, >+ strlen(SAMBA_XATTR_DOSSTREAM_PREFIX)) != 0) { >+ if (samba_private_attr_name(names[i])) { >+ continue; >+ } >+ } >+ > if (strncmp(names[i], config->prefix, > config->prefix_len) != 0) { > continue; > } >- if (samba_private_attr_name(names[i])) { >- continue; >- } > > status = get_ea_value(names, handle->conn, fsp, fname, > names[i], &ea); >-- >1.9.3 > > >From efcb075eb8032b46dae1bc35fe11f150c46f0dc0 Mon Sep 17 00:00:00 2001 >From: Ralph Boehme <slow@samba.org> >Date: Fri, 21 Nov 2014 14:54:17 +0100 >Subject: [PATCH 2/3] vfs_streams_xattr: initialize pointer > >Intitialize pointer to NULL, otherwise we talloc_free() an unitialized >pointer in the error code path. > >Backport of 1076e4e4e2a2b6238116bd860b03a9dcc8a151f8 from master. >https://bugzilla.samba.org/show_bug.cgi?id=10971 > >Signed-off-by: Ralph Boehme <slow@samba.org> >--- > source3/modules/vfs_streams_xattr.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c >index 6314442..f65ccc8 100644 >--- a/source3/modules/vfs_streams_xattr.c >+++ b/source3/modules/vfs_streams_xattr.c >@@ -533,7 +533,7 @@ static int streams_xattr_unlink(vfs_handle_struct *handle, > { > NTSTATUS status; > int ret = -1; >- char *xattr_name; >+ char *xattr_name = NULL; > > if (!is_ntfs_stream_smb_fname(smb_fname)) { > return SMB_VFS_NEXT_UNLINK(handle, smb_fname); >-- >1.9.3 > > >From 08af9baffa1ed5f344d7263ad64b3fd5d4ff7b21 Mon Sep 17 00:00:00 2001 >From: Ralph Boehme <slow@samba.org> >Date: Fri, 21 Nov 2014 14:56:08 +0100 >Subject: [PATCH 3/3] vfs_streams_xattr: check stream type > >Only allow access to the stream type "$DATA". vfs_streams_depot does >this too and it fixes the failing test "smb2.streams.names". > >Backport of 927290b384bc4f4fd53a1f93d4d27ccc71dd6135 from master. >https://bugzilla.samba.org/show_bug.cgi?id=10971 > >Signed-off-by: Ralph Boehme <slow@samba.org> >--- > source3/modules/vfs_streams_xattr.c | 6 ++++++ > 1 file changed, 6 insertions(+) > >diff --git a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c >index f65ccc8..f0ab732 100644 >--- a/source3/modules/vfs_streams_xattr.c >+++ b/source3/modules/vfs_streams_xattr.c >@@ -114,6 +114,12 @@ static NTSTATUS streams_xattr_get_name(vfs_handle_struct *handle, > > stype = strchr_m(stream_name + 1, ':'); > >+ if (stype) { >+ if (strcasecmp_m(stype, ":$DATA") != 0) { >+ return NT_STATUS_INVALID_PARAMETER; >+ } >+ } >+ > *xattr_name = talloc_asprintf(ctx, "%s%s", > config->prefix, > stream_name + 1); >-- >1.9.3 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=10468">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
jra
:
review+
Actions:
View
Attachments on
bug 10971
:
10467
| 10468