svn commit: samba r12243 - in trunk/source: include param rpc_server
jra at samba.org
jra at samba.org
Wed Dec 14 20:28:47 GMT 2005
Author: jra
Date: 2005-12-14 20:28:45 +0000 (Wed, 14 Dec 2005)
New Revision: 12243
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=12243
Log:
The usershare code needs to validate service names
too. Add '%' as an invalid sharename so we don't
get bitten by substitution expansion.
Jeremy.
Modified:
trunk/source/include/local.h
trunk/source/param/loadparm.c
trunk/source/rpc_server/srv_srvsvc_nt.c
Changeset:
Modified: trunk/source/include/local.h
===================================================================
--- trunk/source/include/local.h 2005-12-14 19:19:43 UTC (rev 12242)
+++ trunk/source/include/local.h 2005-12-14 20:28:45 UTC (rev 12243)
@@ -238,4 +238,7 @@
/* tdb hash size for the open database. */
#define SMB_OPEN_DATABASE_TDB_HASH_SIZE 1049
+/* Characters we disallow in sharenames. */
+#define INVALID_SHARENAME_CHARS "%<>*?|/\\+=;:\","
+
#endif
Modified: trunk/source/param/loadparm.c
===================================================================
--- trunk/source/param/loadparm.c 2005-12-14 19:19:43 UTC (rev 12242)
+++ trunk/source/param/loadparm.c 2005-12-14 20:28:45 UTC (rev 12243)
@@ -4284,6 +4284,13 @@
return True;
}
+ /* The path *must* be absolute. */
+ if (sharepath[0] != '/') {
+ DEBUG(0,("parse_usershare_file: path %s is not an absolute path.\n",
+ sharepath));
+ return False;
+ }
+
/* Ensure this is pointing to a directory. */
dp = sys_opendir(sharepath);
@@ -4357,8 +4364,11 @@
TALLOC_CTX *ctx = NULL;
SEC_DESC *psd = NULL;
- /* No names containing substitute chars. */
- if (strchr_m(file_name, '%')) {
+ /* Ensure share name doesn't contain invalid characters. */
+ if (!validate_net_name(file_name, INVALID_SHARENAME_CHARS, strlen(file_name))) {
+ DEBUG(0,("process_usershare_file: share name %s contains "
+ "invalid characters (any of %s)\n",
+ file_name, INVALID_SHARENAME_CHARS ));
return -1;
}
Modified: trunk/source/rpc_server/srv_srvsvc_nt.c
===================================================================
--- trunk/source/rpc_server/srv_srvsvc_nt.c 2005-12-14 19:19:43 UTC (rev 12242)
+++ trunk/source/rpc_server/srv_srvsvc_nt.c 2005-12-14 20:28:45 UTC (rev 12243)
@@ -29,14 +29,12 @@
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_RPC_SRV
-#define INVALID_SHARENAME_CHARS "<>*?|/\\+=;:\","
-
/********************************************************************
Check a string for any occurrences of a specified list of invalid
characters.
********************************************************************/
-static BOOL validate_net_name( const char *name, const char *invalid_chars, int max_len )
+BOOL validate_net_name( const char *name, const char *invalid_chars, int max_len )
{
int i;
More information about the samba-cvs
mailing list