From fddef6fc201ed127eaac737e725d1c2dd8c6926e Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Fri, 11 Jun 2004 17:54:23 +0000
Subject: r1115: Fix for #1427. Catch bad path errors at the right point.
 Ensure all our pathname parsing is consistent. Jeremy. (This used to be
 commit 5e8237e306f0bb0e492f10fb6487938132899384)

---
 source3/rpc_server/srv_srvsvc_nt.c | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

(limited to 'source3/rpc_server')

diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c
index 087c50451e..54cc0d6161 100644
--- a/source3/rpc_server/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srv_srvsvc_nt.c
@@ -1886,6 +1886,18 @@ WERROR _srv_net_file_query_secdesc(pipes_struct *p, SRV_Q_NET_FILE_QUERY_SECDESC
 
 	unistr2_to_ascii(filename, &q_u->uni_file_name, sizeof(filename));
 	unix_convert(filename, conn, NULL, &bad_path, &st);
+	if (bad_path) {
+		DEBUG(3,("_srv_net_file_query_secdesc: bad pathname %s\n", filename));
+		r_u->status = WERR_ACCESS_DENIED;
+		goto error_exit;
+	}
+
+	if (!check_name(filename,conn)) {
+		DEBUG(3,("_srv_net_file_query_secdesc: can't access %s\n", filename));
+		r_u->status = WERR_ACCESS_DENIED;
+		goto error_exit;
+	}
+
 	fsp = open_file_shared(conn, filename, &st, SET_DENY_MODE(DENY_NONE)|SET_OPEN_MODE(DOS_OPEN_RDONLY),
 				(FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN), FILE_ATTRIBUTE_NORMAL, INTERNAL_OPEN_ONLY,
 				&access_mode, &action);
@@ -1990,6 +2002,18 @@ WERROR _srv_net_file_set_secdesc(pipes_struct *p, SRV_Q_NET_FILE_SET_SECDESC *q_
 
 	unistr2_to_ascii(filename, &q_u->uni_file_name, sizeof(filename));
 	unix_convert(filename, conn, NULL, &bad_path, &st);
+	if (bad_path) {
+		DEBUG(3,("_srv_net_file_set_secdesc: bad pathname %s\n", filename));
+		r_u->status = WERR_ACCESS_DENIED;
+		goto error_exit;
+	}
+
+	if (!check_name(filename,conn)) {
+		DEBUG(3,("_srv_net_file_set_secdesc: can't access %s\n", filename));
+		r_u->status = WERR_ACCESS_DENIED;
+		goto error_exit;
+	}
+
 
 	fsp = open_file_shared(conn, filename, &st, SET_DENY_MODE(DENY_NONE)|SET_OPEN_MODE(DOS_OPEN_RDWR),
 			(FILE_FAIL_IF_NOT_EXIST|FILE_EXISTS_OPEN), FILE_ATTRIBUTE_NORMAL, INTERNAL_OPEN_ONLY,
-- 
cgit