[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-3204-g3a5d85c

Jeremy Allison jra at samba.org
Mon Dec 1 21:22:21 GMT 2008 

The branch, v3-2-test has been updated
       via  3a5d85ca7ca54f7ab5e742c6026b528fcc94bae5 (commit)
      from  7d86c371f4613287e5e7461db37ee5db86c2a5aa (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test


- Log -----------------------------------------------------------------
commit 3a5d85ca7ca54f7ab5e742c6026b528fcc94bae5
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Dec 1 13:20:56 2008 -0800

    s3:smbd: correctly verify stream names to pass RAW-STREAMS
    
    metze

-----------------------------------------------------------------------

Summary of changes:
 source/smbd/reply.c |   36 +++++++++++++++++++++++++++++++++++-
 1 files changed, 35 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/smbd/reply.c b/source/smbd/reply.c
index e46479c..1b70f08 100644
--- a/source/smbd/reply.c
+++ b/source/smbd/reply.c
@@ -54,11 +54,45 @@ static NTSTATUS check_path_syntax_internal(char *path,
 	const char *s = path;
 	NTSTATUS ret = NT_STATUS_OK;
 	bool start_of_name_component = True;
+	bool stream_started = false;
 
 	*p_last_component_contains_wcard = False;
 
 	while (*s) {
-		if (IS_PATH_SEP(*s,posix_path)) {
+		if (stream_started) {
+			switch (*s) {
+			case '/':
+			case '\\':
+				return NT_STATUS_OBJECT_NAME_INVALID;
+			case ':':
+				if (s[1] == '\0') {
+					return NT_STATUS_OBJECT_NAME_INVALID;
+				}
+				if (strchr_m(&s[1], ':')) {
+					return NT_STATUS_OBJECT_NAME_INVALID;
+				}
+				if (StrCaseCmp(s, ":$DATA") != 0) {
+					return NT_STATUS_INVALID_PARAMETER;
+				}
+				break;
+			}
+		}
+
+		if (!stream_started && *s == ':') {
+			if (*p_last_component_contains_wcard) {
+				return NT_STATUS_OBJECT_NAME_INVALID;
+			}
+			/* stream names allow more characters than file names */
+			stream_started = true;
+			start_of_name_component = false;
+			posix_path = true;
+
+			if (s[1] == '\0') {
+				return NT_STATUS_OBJECT_NAME_INVALID;
+			}
+		}
+
+		if (!stream_started && IS_PATH_SEP(*s,posix_path)) {
 			/*
 			 * Safe to assume is not the second part of a mb char
 			 * as this is handled below.


-- 
Samba Shared Repository

More information about the samba-cvs mailing list