15143 – New filename parser doesn't check veto files smb.conf parameter.

Bug 15143 - New filename parser doesn't check veto files smb.conf parameter.

Summary: New filename parser doesn't check veto files smb.conf parameter.

Status:	ASSIGNED

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	File services (show other bugs)
Version:	4.17.0rc1
Hardware:	All All

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Jeremy Allison
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:	15146
Blocks:
	Show dependency tree / graph

Reported:	2022-08-11 16:20 UTC by Jeremy Allison
Modified:	2022-08-16 20:19 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
git-am fix for master. (7.34 KB, patch) 2022-08-11 17:11 UTC, Jeremy Allison	no flags	Details
git-am fix for master. (7.52 KB, patch) 2022-08-11 17:22 UTC, Jeremy Allison	jra: ci-passed+	Details
Show Obsolete (2) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jeremy Allison 2022-08-11 16:20:20 UTC

filename_convert_dirfsp() doesn't check the smb.conf veto files parameter and so getting files that match, or getting files from a directory that matches is allowed where we should return an error.

Such files are never seen by the client, as smbd_dirptr_get_entry() calls IS_VETO_PATH().

Working on test + patch.

Comment 1 Jeremy Allison 2022-08-11 17:11:43 UTC

Created attachment 17469 [details]
git-am fix for master.

Tests then adds the missing veto files checks in filename_convert_dirfsp_nosymlink().

I'll run through ci, but it's currently pending https://gitlab.com/samba-team/samba/-/merge_requests/2662 as it's based on top of that.

Comment 2 Jeremy Allison 2022-08-11 17:22:42 UTC

Created attachment 17470 [details]
git-am fix for master.

Better version with DBG_DEBUG statements so an admin can see if we rejected a filename. Running ci on it now.

Comment 3 Jeremy Allison 2022-08-11 18:38:18 UTC

Ci passes here:

https://gitlab.com/samba-team/devel/samba/-/pipelines/610650088

Now all I need is for:

https://gitlab.com/samba-team/samba/-/merge_requests/2662

to go in first and I'm good to go :-).

Comment 4 Jeremy Allison 2022-08-16 01:02:13 UTC

Comment on attachment 17470 [details]
git-am fix for master.

New version in ci.

Comment 5 Samba QA Contact 2022-08-16 08:27:04 UTC

This bug was referenced in samba master:

c6933673222ea9ae2eb74d5586c9495269f51ea0
1c293060204d96bf94427f91eb20eb9decc29a41
1654eae11b9c13308b2b78f70309eb3a56960619

Comment 6 Samba QA Contact 2022-08-16 19:38:28 UTC

This bug was referenced in samba v4-17-test:

80c090c87b2898af7f793e1289efd66b279a0e5c
9e32b03e1eec07485582c6c0ea67f2f3a7ea89fd
ff46ee6ad51be64264f706cf7965ad178033ddd2

Comment 7 Samba QA Contact 2022-08-16 20:19:08 UTC

This bug was referenced in samba v4-17-stable (Release samba-4.17.0rc2):

80c090c87b2898af7f793e1289efd66b279a0e5c
9e32b03e1eec07485582c6c0ea67f2f3a7ea89fd
ff46ee6ad51be64264f706cf7965ad178033ddd2