author | Jeff Layton <jlayton@redhat.com> | 2010-01-26 08:15:41 -0500 |
---|---|---|
committer | Jeff Layton <jlayton@redhat.com> | 2010-01-26 08:15:41 -0500 |
commit | a065c177dfc8f968775593ba00dffafeebb2e054 (patch) | |
tree | fcc1ace9adbe0e3e379b07e2f20ca952699048f8 | |
parent | 3ae5dac462c4ed0fb2cd94553583c56fce2f9d80 (diff) | |
mount.cifs: check for invalid characters in device name and mountpoint
It's apparently possible to corrupt the mtab if you pass embedded
newlines to addmntent. Apparently tabs are also a problem with certain
earlier glibc versions. Backslashes are also a minor issue apparently,
but we can't reasonably filter those.
Make sure that neither the devname nor the mountpoint contains any problematic
characters before allowing the mount to proceed.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
-rw-r--r-- | client/mount.cifs.c | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/client/mount.cifs.c b/client/mount.cifs.c
index f30418bfc2..96f0c1c834 100644
--- a/client/mount.cifs.c
+++ b/client/mount.cifs.c
@@ -1164,6 +1164,36 @@ static void print_cifs_mount_version(void)
 MOUNT_CIFS_VENDOR_SUFFIX);
 }
+/*
+ * This function borrowed from fuse-utils...
+ *
+ * glibc's addmntent (at least as of 2.10 or so) doesn't properly encode
+ * newlines embedded within the text fields. To make sure no one corrupts
+ * the mtab, fail the mount if there are embedded newlines.
+ */
+static int check_newline(const char *progname, const char *name)
+{
+ char *s;
+ for (s = "\n"; *s; s++) {
+ if (strchr(name, *s)) {
+ fprintf(stderr, "%s: illegal character 0x%02x in mount entry\n",
+ progname, *s);
+ return EX_USAGE;
+ }
+ }
+ return 0;
+}
+
+static int check_mtab(const char *progname, const char *devname,
+ const char *dir)
+{
+ if (check_newline(progname, devname) == -1 ||
+ check_newline(progname, dir) == -1)
+ return EX_USAGE;
+ return 0;
+}
+
+
 int main(int argc, char ** argv)
 {
 int c;
@@ -1607,6 +1637,10 @@ mount_retry:
 if (verboseflag)
 fprintf(stderr, "\n");
+ rc = check_mtab(thisprogram, dev_name, mountpoint);
+ if (rc)
+ goto mount_exit;
+
 if (!fakemnt && mount(dev_name, ".", cifs_fstype, flags, options)) {
 switch (errno) {
 case ECONNREFUSED: |
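Review bot: In `check_mtab`, the results of `check_newline` are compared with `-1`, but `check_newline` reports a bad name by returning `EX_USAGE`; unless `EX_USAGE` happens to be defined as -1 (its definition is outside this diff), the condition is never true, so the call added under `mount_retry:` in the second hunk never takes `goto mount_exit` and a name with an embedded newline still reaches the mtab. Test for any non-zero result instead: `if (check_newline(progname, devname) || check_newline(progname, dir))`. The commit message also names tabs as a problem on some glibc versions, while the loop only walks the literal `"\n"`; if tabs are meant to be rejected, the literal needs `\t` as well. As a smaller point, `s` points at a string literal and should be declared `const char *s;`.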