authorStefan Metzmacher <metze@samba.org>2008-12-01 13:22:55 -0800
committerJeremy Allison <jra@samba.org>2008-12-01 13:22:55 -0800
commitedde763d3f981f9ccdf65feffd85a591fb1708c1 (patch)
tree814a5aaf10e65aae037eb110227d702bcf205c64
parent49a8bd5e14fdb78197fc821fca72f0ba201f5f39 (diff)
s3:smbd: correctly verify stream names to pass RAW-STREAMS
metze
-rw-r--r--source3/smbd/reply.c36
1 files changed, 35 insertions, 1 deletions
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index d23f9c106e..a1833b55df 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -52,11 +52,45 @@ static NTSTATUS check_path_syntax_internal(char *path,
const char *s = path;
NTSTATUS ret = NT_STATUS_OK;
bool start_of_name_component = True;
+ bool stream_started = false;
*p_last_component_contains_wcard = False;
while (*s) {
- if (IS_PATH_SEP(*s,posix_path)) {
+ if (stream_started) {
+ switch (*s) {
+ case '/':
+ case '\\':
+ return NT_STATUS_OBJECT_NAME_INVALID;
+ case ':':
+ if (s[1] == '\0') {
+ return NT_STATUS_OBJECT_NAME_INVALID;
+ }
+ if (strchr_m(&s[1], ':')) {
+ return NT_STATUS_OBJECT_NAME_INVALID;
+ }
+ if (StrCaseCmp(s, ":$DATA") != 0) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ break;
+ }
+ }
+
+ if (!stream_started && *s == ':') {
+ if (*p_last_component_contains_wcard) {
+ return NT_STATUS_OBJECT_NAME_INVALID;
+ }
+ /* stream names allow more characters than file names */
+ stream_started = true;
+ start_of_name_component = false;
+ posix_path = true;
+
+ if (s[1] == '\0') {
+ return NT_STATUS_OBJECT_NAME_INVALID;
+ }
+ }
+
+ if (!stream_started && IS_PATH_SEP(*s,posix_path)) {
/*
* Safe to assume is not the second part of a mb char
* as this is handled below.