Bug 15143 - New filename parser doesn't check veto files smb.conf parameter.
Summary: New filename parser doesn't check veto files smb.conf parameter.
Status: ASSIGNED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services (show other bugs)
Version: 4.17.0rc1
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Jeremy Allison
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on: 15146
Blocks:
  Show dependency treegraph
 
Reported: 2022-08-11 16:20 UTC by Jeremy Allison
Modified: 2022-08-16 20:19 UTC (History)
1 user (show)

See Also:


Attachments
git-am fix for master. (7.34 KB, patch)
2022-08-11 17:11 UTC, Jeremy Allison
no flags Details
git-am fix for master. (7.52 KB, patch)
2022-08-11 17:22 UTC, Jeremy Allison
jra: ci-passed+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Jeremy Allison 2022-08-11 16:20:20 UTC
filename_convert_dirfsp() doesn't check the smb.conf veto files parameter and so getting files that match, or getting files from a directory that matches is allowed where we should return an error.

Such files are never seen by the client, as smbd_dirptr_get_entry() calls IS_VETO_PATH().

Working on test + patch.
Comment 1 Jeremy Allison 2022-08-11 17:11:43 UTC
Created attachment 17469 [details]
git-am fix for master.

Tests then adds the missing veto files checks in filename_convert_dirfsp_nosymlink().

I'll run through ci, but it's currently pending https://gitlab.com/samba-team/samba/-/merge_requests/2662 as it's based on top of that.
Comment 2 Jeremy Allison 2022-08-11 17:22:42 UTC
Created attachment 17470 [details]
git-am fix for master.

Better version with DBG_DEBUG statements so an admin can see if we rejected a filename. Running ci on it now.
Comment 3 Jeremy Allison 2022-08-11 18:38:18 UTC
Ci passes here:

https://gitlab.com/samba-team/devel/samba/-/pipelines/610650088

Now all I need is for:

https://gitlab.com/samba-team/samba/-/merge_requests/2662

to go in first and I'm good to go :-).
Comment 4 Jeremy Allison 2022-08-16 01:02:13 UTC
Comment on attachment 17470 [details]
git-am fix for master.

New version in ci.
Comment 5 Samba QA Contact 2022-08-16 08:27:04 UTC
This bug was referenced in samba master:

c6933673222ea9ae2eb74d5586c9495269f51ea0
1c293060204d96bf94427f91eb20eb9decc29a41
1654eae11b9c13308b2b78f70309eb3a56960619
Comment 6 Samba QA Contact 2022-08-16 19:38:28 UTC
This bug was referenced in samba v4-17-test:

80c090c87b2898af7f793e1289efd66b279a0e5c
9e32b03e1eec07485582c6c0ea67f2f3a7ea89fd
ff46ee6ad51be64264f706cf7965ad178033ddd2
Comment 7 Samba QA Contact 2022-08-16 20:19:08 UTC
This bug was referenced in samba v4-17-stable (Release samba-4.17.0rc2):

80c090c87b2898af7f793e1289efd66b279a0e5c
9e32b03e1eec07485582c6c0ea67f2f3a7ea89fd
ff46ee6ad51be64264f706cf7965ad178033ddd2