The bug is located in source/lib/charcnv.c, after the use_as_is labels. The code that "converts" from UCS-2 to multibyte contains the following statement:
    *outbuf = inbuf[0];
This means that as a result of such "conversion", the following characters may appear in outbuf:
1) Null byte (0x00)
2) Dot (.)
3) Slash (/ or \)
4) Any other character with the code less than 0x20 - Windows won't accept it and it will not be easy to delete the file. This actually happens with the NUMERO SIGN in Russia (UCS2-LE for NUMERO is 0x16 0x21, and it gets mapped to 0x16).
The same issue applies to other "conversion" cases (bad multibyte => UCS-2 and multibyte => multibyte). The points (1) - (3) very probably lead to exploits (I am too lazy to actually search for an exploit, but I am sure it exists).
A much better solution is to just substitute any bad character with an underscore (or whatever the user specifies in the smb.conf file as a new "bad character replacement" global parameter). Another solution is to do the URL-style percent-escaping of bad characters, but I would prefer to be able to choose between the two mechanisms.
Created attachment 595: This patch implements the "default character" solution
It does not modify the smb.conf manual page, although it should. Please add the following description to the new "default char" global option:
    This controls the replacement character used instead of an inconvertible one when the precise conversion between two character sets is not possible. The default is a '_' but this may interfere with some software. Use this option to set it to whatever you prefer. The value must be an ASCII character.
    Default: default char = _
    Example: default char = X
Created attachment 596: This patch implements the "default character" solution
The previous patch had a typo in it.
Reassigning to Jim temporarily as I can't commit patches due to some internal reasons.
Applied, except I hardcoded the char to '_'. I really don't want a new parameter. Jeremy.
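The truncation described in the report and the hardcoded '_' replacement that was applied, side by side, as an added example that is neither Samba's code nor the attached patch. It is a simplified model that assumes any UCS-2LE unit with a non-zero high byte is inconvertible; the function names and the sample input are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Bytes the report lists as harmful in a converted name:
 * NUL, '.', '/', '\' and anything with a code below 0x20. */
static int is_risky_byte(unsigned char c)
{
    return c < 0x20 || c == '.' || c == '/' || c == '\\';
}

/* "Before": models the reported statement  *outbuf = inbuf[0];
 * The high byte of the UCS-2LE unit is silently dropped. */
unsigned char fallback_truncate(unsigned char lo, unsigned char hi)
{
    (void)hi;
    return lo;
}

/* "After": an inconvertible unit (assumption: high byte != 0)
 * becomes a fixed replacement character; plain ASCII passes through. */
unsigned char fallback_replace(unsigned char lo, unsigned char hi, unsigned char repl)
{
    return hi != 0 ? repl : lo;
}

/* Convert a UCS-2LE buffer with either strategy and count how many
 * risky bytes end up in the single-byte output. */
size_t risky_bytes(const unsigned char *in, size_t units, int use_replace)
{
    size_t risky = 0;
    for (size_t i = 0; i < units; i++) {
        unsigned char lo = in[2 * i], hi = in[2 * i + 1];
        unsigned char out = use_replace ? fallback_replace(lo, hi, '_')
                                        : fallback_truncate(lo, hi);
        risky += is_risky_byte(out);
    }
    return risky;
}

/* Constructed sample: 'a', U+2116 NUMERO SIGN, U+012F, U+012E, U+0100, 'b' */
static const unsigned char SAMPLE[] = { 'a', 0x00, 0x16, 0x21, 0x2F, 0x01,
                                        0x2E, 0x01, 0x00, 0x01, 'b', 0x00 };
#define SAMPLE_UNITS (sizeof SAMPLE / 2)

int main(void)
{
    printf("risky bytes, truncating fallback: %zu\n", risky_bytes(SAMPLE, SAMPLE_UNITS, 0));
    printf("risky bytes, '_' replacement:     %zu\n", risky_bytes(SAMPLE, SAMPLE_UNITS, 1));
    return 0;
}
```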
Sorry for the same, cleaning up the database to prevent unnecessary reopens of bugs.