svn commit: samba r12243 - in trunk/source: include param rpc_server

jra at samba.org jra at samba.org
Wed Dec 14 20:28:47 GMT 2005 

Author: jra
Date: 2005-12-14 20:28:45 +0000 (Wed, 14 Dec 2005)
New Revision: 12243

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=12243

Log:
The usershare code needs to validate service names
too. Add '%' as an invalid sharename so we don't
get bitten by substitution expansion.
Jeremy.

Modified:
   trunk/source/include/local.h
   trunk/source/param/loadparm.c
   trunk/source/rpc_server/srv_srvsvc_nt.c


Changeset:
Modified: trunk/source/include/local.h
===================================================================
--- trunk/source/include/local.h	2005-12-14 19:19:43 UTC (rev 12242)
+++ trunk/source/include/local.h	2005-12-14 20:28:45 UTC (rev 12243)
@@ -238,4 +238,7 @@
 /* tdb hash size for the open database. */
 #define SMB_OPEN_DATABASE_TDB_HASH_SIZE 1049
 
+/* Characters we disallow in sharenames. */
+#define INVALID_SHARENAME_CHARS "%<>*?|/\\+=;:\","
+
 #endif

Modified: trunk/source/param/loadparm.c
===================================================================
--- trunk/source/param/loadparm.c	2005-12-14 19:19:43 UTC (rev 12242)
+++ trunk/source/param/loadparm.c	2005-12-14 20:28:45 UTC (rev 12243)
@@ -4284,6 +4284,13 @@
 		return True;
 	}
 
+	/* The path *must* be absolute. */
+	if (sharepath[0] != '/') {
+		DEBUG(0,("parse_usershare_file: path %s is not an absolute path.\n",
+			sharepath));
+		return False;
+	}
+
 	/* Ensure this is pointing to a directory. */
 	dp = sys_opendir(sharepath);
 
@@ -4357,8 +4364,11 @@
 	TALLOC_CTX *ctx = NULL;
 	SEC_DESC *psd = NULL;
 
-	/* No names containing substitute chars. */
-	if (strchr_m(file_name, '%')) {
+	/* Ensure share name doesn't contain invalid characters. */
+	if (!validate_net_name(file_name, INVALID_SHARENAME_CHARS, strlen(file_name))) {
+		DEBUG(0,("process_usershare_file: share name %s contains "
+			"invalid characters (any of %s)\n",
+			file_name, INVALID_SHARENAME_CHARS ));
 		return -1;
 	}
 

Modified: trunk/source/rpc_server/srv_srvsvc_nt.c
===================================================================
--- trunk/source/rpc_server/srv_srvsvc_nt.c	2005-12-14 19:19:43 UTC (rev 12242)
+++ trunk/source/rpc_server/srv_srvsvc_nt.c	2005-12-14 20:28:45 UTC (rev 12243)
@@ -29,14 +29,12 @@
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_RPC_SRV
 
-#define INVALID_SHARENAME_CHARS "<>*?|/\\+=;:\","
-
 /********************************************************************
  Check a string for any occurrences of a specified list of invalid 
  characters.
 ********************************************************************/
 
-static BOOL validate_net_name( const char *name, const char *invalid_chars, int max_len )
+BOOL validate_net_name( const char *name, const char *invalid_chars, int max_len )
 {
 	int i;

More information about the samba-cvs mailing list