[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-4564-g6f8e714

Jeremy Allison jra at samba.org
Mon Dec 1 21:22:19 GMT 2008 

The branch, v3-3-test has been updated
       via  6f8e7146cd51c81963f9e2830a4ed7e37eefdf1f (commit)
      from  7435fe9d147fd495aa2dd9cc97f6fd0c1e93bddc (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test


- Log -----------------------------------------------------------------
commit 6f8e7146cd51c81963f9e2830a4ed7e37eefdf1f
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Dec 1 13:21:56 2008 -0800

    s3:smbd: correctly verify stream names to pass RAW-STREAMS
    
    metze

-----------------------------------------------------------------------

Summary of changes:
 source/smbd/reply.c |   36 +++++++++++++++++++++++++++++++++++-
 1 files changed, 35 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/smbd/reply.c b/source/smbd/reply.c
index 6198818..171e85b 100644
--- a/source/smbd/reply.c
+++ b/source/smbd/reply.c
@@ -52,11 +52,45 @@ static NTSTATUS check_path_syntax_internal(char *path,
 	const char *s = path;
 	NTSTATUS ret = NT_STATUS_OK;
 	bool start_of_name_component = True;
+	bool stream_started = false;
 
 	*p_last_component_contains_wcard = False;
 
 	while (*s) {
-		if (IS_PATH_SEP(*s,posix_path)) {
+		if (stream_started) {
+			switch (*s) {
+			case '/':
+			case '\\':
+				return NT_STATUS_OBJECT_NAME_INVALID;
+			case ':':
+				if (s[1] == '\0') {
+					return NT_STATUS_OBJECT_NAME_INVALID;
+				}
+				if (strchr_m(&s[1], ':')) {
+					return NT_STATUS_OBJECT_NAME_INVALID;
+				}
+				if (StrCaseCmp(s, ":$DATA") != 0) {
+					return NT_STATUS_INVALID_PARAMETER;
+				}
+				break;
+			}
+		}
+
+		if (!stream_started && *s == ':') {
+			if (*p_last_component_contains_wcard) {
+				return NT_STATUS_OBJECT_NAME_INVALID;
+			}
+			/* stream names allow more characters than file names */
+			stream_started = true;
+			start_of_name_component = false;
+			posix_path = true;
+
+			if (s[1] == '\0') {
+				return NT_STATUS_OBJECT_NAME_INVALID;
+			}
+		}
+
+		if (!stream_started && IS_PATH_SEP(*s,posix_path)) {
 			/*
 			 * Safe to assume is not the second part of a mb char
 			 * as this is handled below.


-- 
Samba Shared Repository

More information about the samba-cvs mailing list