The Samba-Bugzilla – Attachment 18005 Details for Bug 15419: weird filename can cause assert to fail in openat_pathref_fsp_nosymlink()
[patch] git-am fix for 4.17.next
bug-15419-4.17 (text/plain), 2.35 KB, created by Jeremy Allison on 2023-07-27 18:45:00 UTC
>From 6975c448a48936432023bc2c7ee72d1c82e3d8b9 Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Thu, 27 Jul 2023 11:33:12 -0700 >Subject: [PATCH] s3: smbd: Sanitize any "server" and "share" components of > SMB1 DFS paths to remove UNIX separators. > >(Back-ported from commit 20df26b908182f0455f301a51aeb54b6044af580) > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15419 > >Signed-off-by: Jeremy Allison <jra@samba.org> >Reviewed-by: Ralph Boehme <slow@samba.org> >--- > source3/smbd/smb2_reply.c | 31 +++++++++++++++++++++++++++++++ > 1 file changed, 31 insertions(+) > >diff --git a/source3/smbd/smb2_reply.c b/source3/smbd/smb2_reply.c >index 0303db428f2..abd9b928b7e 100644 >--- a/source3/smbd/smb2_reply.c >+++ b/source3/smbd/smb2_reply.c >@@ -335,6 +335,7 @@ static size_t srvstr_get_path_internal(TALLOC_CTX *ctx, > char *share = NULL; > char *remaining_path = NULL; > char path_sep = 0; >+ char *p = NULL; > > if (posix_pathnames && (dst[0] == '/')) { > path_sep = dst[0]; >@@ -385,6 +386,16 @@ static size_t srvstr_get_path_internal(TALLOC_CTX *ctx, > if (share == NULL) { > goto local_path; > } >+ /* >+ * Ensure the server name does not contain >+ * any possible path components by converting >+ * them to _'s. >+ */ >+ for (p = server + 1; p < share; p++) { >+ if (*p == '/' || *p == '\\') { >+ *p = '_'; >+ } >+ } > /* > * It's a well formed DFS path with > * at least server and share components. >@@ -399,6 +410,16 @@ static size_t srvstr_get_path_internal(TALLOC_CTX *ctx, > */ > remaining_path = strchr(share+1, path_sep); > if (remaining_path == NULL) { >+ /* >+ * Ensure the share name does not contain >+ * any possible path components by converting >+ * them to _'s. >+ */ >+ for (p = share + 1; *p; p++) { >+ if (*p == '/' || *p == '\\') { >+ *p = '_'; >+ } >+ } > /* > * If no remaining path this was > * a bare /server/share path. Just return. 
>@@ -406,6 +427,16 @@ static size_t srvstr_get_path_internal(TALLOC_CTX *ctx, > *err = NT_STATUS_OK; > return ret; > } >+ /* >+ * Ensure the share name does not contain >+ * any possible path components by converting >+ * them to _'s. >+ */ >+ for (p = share + 1; p < remaining_path; p++) { >+ if (*p == '/' || *p == '\\') { >+ *p = '_'; >+ } >+ } > *remaining_path = '/'; > dst = remaining_path + 1; > /* dst now points at any following components. */ >-- >2.34.1 >
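Review bot: the server-name loop added in the hunk at @@ -385,6 +386,16 is the first of three copies of the same five-line replace loop in this patch (the other two are in the hunks at @@ -399 and @@ -406), differing only in their start and end pointers. A small static helper taking a start and an end pointer would reduce each call site to one line and keep the explanatory comment in one place. The loop bound `p < share` also depends on `share` pointing past `server` in the same buffer; the search that sets `share` is outside the visible context, so that is worth confirming against the full function.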
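Review bot: in the `remaining_path == NULL` branch of the hunk at @@ -399,6 +410,16, the share-name loop `for (p = share + 1; *p; p++)` duplicates the loop added after the early return, with only the end condition changed. Computing the end of the share component once, before the NULL check (`remaining_path` when it is non-NULL, otherwise the terminating NUL of `share`), would let a single loop cover both the bare /server/share case and the case with following components, so a later change to the sanitizing rule cannot be applied to one path and missed on the other.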
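Review bot: the comment on the loop in the hunk at @@ -406,6 +427,16 says it removes "any possible path components", but `remaining_path` comes from `strchr(share+1, path_sep)`, so the range from `share + 1` to `remaining_path` can never contain `path_sep` itself and the loop only ever rewrites the other separator character. The comment should say so explicitly (a '/' inside a '\\'-separated DFS path, or a '\\' when `path_sep` is '/' under `posix_pathnames`), which would also line up with the subject's "remove UNIX separators". It is also worth noting in the comment that the rewrite to '_' is lossy: a share name containing a separator and one containing '_' in the same position become the same string.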
Flags: slow: review+