-rw-r--r-- | source3/smbd/trans2.c | 10 | ||||
-rw-r--r-- | source3/smbd/vfs.c | 4 |
2 files changed, 8 insertions, 6 deletions
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index f221262282..91196766d1 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -2865,7 +2865,7 @@ NTSTATUS set_delete_on_close_over_all(files_struct *fsp, BOOL delete_on_close)
 Returns true if this pathname is within the share, and thus safe.
 ****************************************************************************/
-static int ensure_link_is_safe(connection_struct *conn, const char *link_dest_in, char *link_dest_out)
+static int ensure_link_is_safe(connection_struct *conn, const char *link_dest_in)
 {
 #ifdef PATH_MAX
 char resolved_name[PATH_MAX+1];
@@ -2882,9 +2882,6 @@ static int ensure_link_is_safe(connection_struct *conn, const char *link_dest_in
 pstrcpy(link_dest, link_dest_in);
 unix_convert(link_dest,conn,0,&bad_path,&sbuf);
- /* Store the UNIX converted path. */
- pstrcpy(link_dest_out, link_dest);
-
 p = strrchr_m(link_dest, '/');
 if (p) {
 fstrcpy(last_component, p+1);
@@ -2998,7 +2995,8 @@ NTSTATUS hardlink_internals(connection_struct *conn, char *oldname, char *newnam
 return NT_STATUS_FILE_IS_A_DIRECTORY;
 }
- if (ensure_link_is_safe(conn, oldname, oldname) != 0)
+ /* Ensure this is within the share. */
+ if (!reduce_name(conn, oldname) != 0)
 return NT_STATUS_ACCESS_DENIED;
 DEBUG(10,("hardlink_internals: doing hard link %s -> %s\n", newname, oldname ));
@@ -3522,7 +3520,7 @@ size = %.0f, uid = %u, gid = %u, raw perms = 0%o\n",
 pstrcpy(rel_name, "./");
 }
 pstrcat(rel_name, link_target);
- if (ensure_link_is_safe(conn, rel_name, rel_name) != 0) {
+ if (ensure_link_is_safe(conn, rel_name) != 0) {
 return(UNIXERROR(ERRDOS,ERRnoaccess));
 }
diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c
index 0f3d591ebb..a415e0470e 100644
--- a/source3/smbd/vfs.c
+++ b/source3/smbd/vfs.c
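Review bot: The header comment kept as context above `ensure_link_is_safe` in trans2.c says "Returns true if this pathname is within the share, and thus safe", but both call sites visible in this diff treat a non-zero return as the unsafe case (`!= 0` leads to the access-denied return). Since the signature is being changed anyway, the comment should state the contract the callers rely on, for example `Returns 0 if this pathname is within the share, non-zero otherwise.` An inverted description on a share-boundary check makes it easy to mix conventions with `reduce_name`, which is declared `BOOL`. The function body continues outside the hunk, so the exact return values should be confirmed there.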
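Review bot: In `hardlink_internals` (trans2.c), `if (!reduce_name(conn, oldname) != 0)` combines the boolean result of `reduce_name` with the 0-on-success test left over from `ensure_link_is_safe`. It evaluates as intended only because `!x` is 0 or 1, and on an access check that is easy to misread or invert in a later edit; write it as `if (!reduce_name(conn, oldname))`. Separately, the old call passed `oldname` as the output buffer, so it was overwritten with the `unix_convert` result; with that removed here and at the `rel_name` call in the last trans2.c hunk, later code sees the string as it was before the check. That is presumably fine if the name was already converted earlier in the function, but the start of the function is outside the hunk and this should be confirmed.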
@@ -829,7 +829,11 @@ BOOL reduce_name(connection_struct *conn, pstring fname)
 if (p) {
 *p++ = '\0';
 fstrcpy(last_component, p);
+ } else {
+ fstrcpy(last_component, tmp_fname);
+ pstrcpy(tmp_fname, ".");
 }
+
 #ifdef REALPATH_TAKES_NULL
 resolved_name = SMB_VFS_REALPATH(conn,tmp_fname,NULL);
 #else |
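Review bot: The new `else` branch in `reduce_name` (vfs.c) resolves `"."` when the name contains no `/`, so the containment check then depends on the process working directory being the directory the name is relative to, and nothing visible in the hunk establishes that. A comment would make the precondition explicit, for example `/* No directory part: check the current directory, which the caller must already have set to a path inside the share. */`. It is also worth confirming that `last_component` can hold a whole `tmp_fname`, because `fstrcpy` may otherwise silently truncate the name being checked; both declarations are outside the hunk. The function body starts and ends outside the hunk.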