authorAndrew Tridgell <tridge@samba.org>2004-10-25 06:23:28 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:04:40 -0500
commit7780bec7b4169cb2a78ceda16e6dc9e00dcb0b0f (patch)
tree7c688462f2882a876ee286c7d4f54313df85f925 /source4/ntvfs/posix
parent6b2fc6e2d431261ea0877afa27a70ec15d504f37 (diff)
r3198: check for too many .. components in filenames
pvfs now passes RAW-MKDIR (This used to be commit 41adb385f123b8d4cd3fe2eb03d891b6bdcf2361)
Diffstat (limited to 'source4/ntvfs/posix')
-rw-r--r--source4/ntvfs/posix/pvfs_resolve.c17
1 files changed, 16 insertions, 1 deletions
diff --git a/source4/ntvfs/posix/pvfs_resolve.c b/source4/ntvfs/posix/pvfs_resolve.c
index 5b86cd3a73..5d98274511 100644
--- a/source4/ntvfs/posix/pvfs_resolve.c
+++ b/source4/ntvfs/posix/pvfs_resolve.c
@@ -180,8 +180,9 @@ static NTSTATUS pvfs_case_search(struct pvfs_state *pvfs, struct pvfs_filename *
static NTSTATUS pvfs_unix_path(struct pvfs_state *pvfs, const char *cifs_name,
uint_t flags, struct pvfs_filename *name)
{
- char *ret, *p;
+ char *ret, *p, *p_start;
size_t len;
+ int num_components=0;
name->original_name = talloc_strdup(name, cifs_name);
name->stream_name = NULL;
@@ -217,6 +218,7 @@ static NTSTATUS pvfs_unix_path(struct pvfs_state *pvfs, const char *cifs_name,
/* now do an in-place conversion of '\' to '/', checking
for legal characters */
+ p_start = p;
while (*p) {
size_t c_size;
codepoint_t c = next_codepoint(p, &c_size);
@@ -228,6 +230,7 @@ static NTSTATUS pvfs_unix_path(struct pvfs_state *pvfs, const char *cifs_name,
return NT_STATUS_ILLEGAL_CHARACTER;
}
*p = '/';
+ num_components++;
break;
case ':':
if (!(flags & PVFS_RESOLVE_STREAMS)) {
@@ -252,6 +255,18 @@ static NTSTATUS pvfs_unix_path(struct pvfs_state *pvfs, const char *cifs_name,
case '/':
case '|':
return NT_STATUS_ILLEGAL_CHARACTER;
+ case '.':
+ if (p[1] != '.' ||
+ (p[2] != '\\' && p[2] != 0) ||
+ (p != p_start && p[-1] != '/')) {
+ break;
+ }
+ /* its definately a .. component */
+ num_components--;
+ if (num_components <= 0) {
+ return NT_STATUS_OBJECT_PATH_SYNTAX_BAD;
+ }
+ break;
}
p += c_size;
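Review bot: The `..` accounting in the new `case '.':` does not track directory depth, because the separator in front of each `..` has already run `num_components++` (the `'\\'` case in the previous hunk), so every `\..` pair nets zero and the `<= 0` test can only fire on the first or second component of the name. A name that is already two components deep can therefore carry more `..` components than it has parents and still pass this check, unless code outside these hunks canonicalises or re-checks the path. A `..` should undo both its own separator and the parent it consumes, for example `num_components -= 2;` followed by `if (num_components < 0) {`, which keeps the current result for a single `..` and assumes empty components are rejected elsewhere. The loop and the rest of pvfs_unix_path continue outside the hunk, so the final use of the converted path is not visible here.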