summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/smbd/trans2.c10
-rw-r--r--source3/smbd/vfs.c4
2 files changed, 8 insertions, 6 deletions
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index f221262282..91196766d1 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -2865,7 +2865,7 @@ NTSTATUS set_delete_on_close_over_all(files_struct *fsp, BOOL delete_on_close)
Returns true if this pathname is within the share, and thus safe.
****************************************************************************/
-static int ensure_link_is_safe(connection_struct *conn, const char *link_dest_in, char *link_dest_out)
+static int ensure_link_is_safe(connection_struct *conn, const char *link_dest_in)
{
#ifdef PATH_MAX
char resolved_name[PATH_MAX+1];
@@ -2882,9 +2882,6 @@ static int ensure_link_is_safe(connection_struct *conn, const char *link_dest_in
pstrcpy(link_dest, link_dest_in);
unix_convert(link_dest,conn,0,&bad_path,&sbuf);
- /* Store the UNIX converted path. */
- pstrcpy(link_dest_out, link_dest);
-
p = strrchr_m(link_dest, '/');
if (p) {
fstrcpy(last_component, p+1);
@@ -2998,7 +2995,8 @@ NTSTATUS hardlink_internals(connection_struct *conn, char *oldname, char *newnam
return NT_STATUS_FILE_IS_A_DIRECTORY;
}
- if (ensure_link_is_safe(conn, oldname, oldname) != 0)
+ /* Ensure this is within the share. */
+ if (!reduce_name(conn, oldname) != 0)
return NT_STATUS_ACCESS_DENIED;
DEBUG(10,("hardlink_internals: doing hard link %s -> %s\n", newname, oldname ));
@@ -3522,7 +3520,7 @@ size = %.0f, uid = %u, gid = %u, raw perms = 0%o\n",
pstrcpy(rel_name, "./");
}
pstrcat(rel_name, link_target);
- if (ensure_link_is_safe(conn, rel_name, rel_name) != 0) {
+ if (ensure_link_is_safe(conn, rel_name) != 0) {
return(UNIXERROR(ERRDOS,ERRnoaccess));
}
diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c
index 0f3d591ebb..a415e0470e 100644
--- a/source3/smbd/vfs.c
+++ b/source3/smbd/vfs.c
@@ -829,7 +829,11 @@ BOOL reduce_name(connection_struct *conn, pstring fname)
if (p) {
*p++ = '\0';
fstrcpy(last_component, p);
+ } else {
+ fstrcpy(last_component, tmp_fname);
+ pstrcpy(tmp_fname, ".");
}
+
#ifdef REALPATH_TAKES_NULL
resolved_name = SMB_VFS_REALPATH(conn,tmp_fname,NULL);
#else