diff options
| author | Stefan Metzmacher <metze@samba.org> | 2008-12-01 13:22:55 -0800 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2008-12-01 13:22:55 -0800 |
| commit | edde763d3f981f9ccdf65feffd85a591fb1708c1 (patch) | |
| tree | 814a5aaf10e65aae037eb110227d702bcf205c64 /source3/smbd | |
| parent | 49a8bd5e14fdb78197fc821fca72f0ba201f5f39 (diff) | |
| download | samba-edde763d3f981f9ccdf65feffd85a591fb1708c1.tar.gz samba-edde763d3f981f9ccdf65feffd85a591fb1708c1.tar.bz2 samba-edde763d3f981f9ccdf65feffd85a591fb1708c1.zip | |
s3:smbd: correctly verify stream names to pass RAW-STREAMS
metze
Diffstat (limited to 'source3/smbd')
| -rw-r--r-- | source3/smbd/reply.c | 36 |
1 files changed, 35 insertions, 1 deletions
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index d23f9c106e..a1833b55df 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -52,11 +52,45 @@ static NTSTATUS check_path_syntax_internal(char *path, const char *s = path; NTSTATUS ret = NT_STATUS_OK; bool start_of_name_component = True; + bool stream_started = false; *p_last_component_contains_wcard = False; while (*s) { - if (IS_PATH_SEP(*s,posix_path)) { + if (stream_started) { + switch (*s) { + case '/': + case '\\': + return NT_STATUS_OBJECT_NAME_INVALID; + case ':': + if (s[1] == '\0') { + return NT_STATUS_OBJECT_NAME_INVALID; + } + if (strchr_m(&s[1], ':')) { + return NT_STATUS_OBJECT_NAME_INVALID; + } + if (StrCaseCmp(s, ":$DATA") != 0) { + return NT_STATUS_INVALID_PARAMETER; + } + break; + } + } + + if (!stream_started && *s == ':') { + if (*p_last_component_contains_wcard) { + return NT_STATUS_OBJECT_NAME_INVALID; + } + /* stream names allow more characters than file names */ + stream_started = true; + start_of_name_component = false; + posix_path = true; + + if (s[1] == '\0') { + return NT_STATUS_OBJECT_NAME_INVALID; + } + } + + if (!stream_started && IS_PATH_SEP(*s,posix_path)) { /* * Safe to assume is not the second part of a mb char * as this is handled below. |