From b833615721d6d2e328908afeb1cb965ab5d38284 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Tue, 13 May 2008 15:02:11 -0700
Subject: Second part of patch for bug #5460. Cope with pathnames that don't
 look like \xxx\yyy, cope with arbitrary length. Jeremy. (This used to be
 commit 635035d999fcd8e06b70c8cb1137127c289dc9e6)

---
 source3/smbd/msdfs.c | 54 +++++++++++++++++++++++++++++++++++++---------------
 1 file changed, 39 insertions(+), 15 deletions(-)

(limited to 'source3/smbd/msdfs.c')

diff --git a/source3/smbd/msdfs.c b/source3/smbd/msdfs.c
index 6306745574..4e673d8000 100644
--- a/source3/smbd/msdfs.c
+++ b/source3/smbd/msdfs.c
@@ -49,6 +49,7 @@ static NTSTATUS parse_dfs_path(const char *pathname,
 {
 	char *pathname_local;
 	char *p,*temp;
+	char *servicename;
 	char *eos_ptr;
 	NTSTATUS status = NT_STATUS_OK;
 	char sepchar;
@@ -128,25 +129,48 @@ static NTSTATUS parse_dfs_path(const char *pathname,
 	DEBUG(10,("parse_dfs_path: hostname: %s\n",pdp->hostname));
 
 	/* Parse out servicename. */
-	temp = p+1;
-	p = strchr_m(temp,sepchar);
+	servicename = p+1;
+	p = strchr_m(servicename,sepchar);
+	if (p) {
+		*p = '\0';
+	}
+
+	/* Is this really our servicename ? */
+	if (NULL == conn_find_byname(servicename)) {
+		DEBUG(10,("parse_dfs_path: %s is not our servicename\n",
+			servicename));
+
+		/*
+		 * Possibly client sent a local path by mistake.
+		 * Try and convert to a local path.
+		 */
+
+		pdp->hostname = eos_ptr; /* "" */
+		pdp->servicename = eos_ptr; /* "" */
+
+		/* Repair the path - replace the sepchar's
+		   we nulled out */
+		servicename--;
+		*servicename = sepchar;
+		if (p) {
+			*p = sepchar;
+		}
+
+		p = temp;
+		DEBUG(10,("parse_dfs_path: trying to convert %s "
+			"to a local path\n",
+			temp));
+		goto local_path;
+	}
+
+	pdp->servicename = servicename;
+
 	if(p == NULL) {
-		pdp->servicename = temp;
+		/* Client sent self referral \server\share. */
 		pdp->reqpath = eos_ptr; /* "" */
-		/* Is this really our servicename ? */
-		if (NULL == conn_find_byname(pdp->servicename)) {
-			DEBUG(10,("parse_dfs_path: %s is not our servicename\n",
-				pdp->servicename));
-			p = temp;
-			DEBUG(10,("parse_dfs_path: trying to convert %s "
-				"to a local path\n",
-				temp));
-			goto local_path;
-		}
 		return NT_STATUS_OK;
 	}
-	*p = '\0';
-	pdp->servicename = temp;
+
 	DEBUG(10,("parse_dfs_path: servicename: %s\n",pdp->servicename));
 
 	p++;
-- 
cgit