summaryrefslogtreecommitdiff
path: root/source3/smbd
diff options
context:
space:
mode:
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/trans2.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index 91196766d1..ba2931d809 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -3506,12 +3506,17 @@ size = %.0f, uid = %u, gid = %u, raw perms = 0%o\n",
srvstr_pull(inbuf, link_target, pdata, sizeof(link_target), -1, STR_TERMINATE);
/* !widelinks forces the target path to be within the share. */
+ /* This means we can interpret the target as a pathname. */
if (!lp_widelinks(SNUM(conn))) {
pstring rel_name;
char *last_dirp = NULL;
- unix_format(link_target);
-
+ srvstr_get_path(inbuf, link_target, pdata, sizeof(link_target),
+ -1, STR_TERMINATE, &status);
+ if (!NT_STATUS_IS_OK(status)) {
+ return ERROR_NT(status);
+ }
+ unix_convert(link_target,conn,0,&bad_path,&sbuf);
pstrcpy(rel_name, newname);
last_dirp = strrchr_m(rel_name, '/');
if (last_dirp) {
@@ -3520,6 +3525,7 @@ size = %.0f, uid = %u, gid = %u, raw perms = 0%o\n",
pstrcpy(rel_name, "./");
}
pstrcat(rel_name, link_target);
+
if (ensure_link_is_safe(conn, rel_name) != 0) {
return(UNIXERROR(ERRDOS,ERRnoaccess));
}
generated by cgit (git 2.34.1) at 2025-03-06 09:04:40 +0000