[SCM] Samba Shared Repository - branch master updated -
edde763d3f981f9ccdf65feffd85a591fb1708c1
Jeremy Allison
jra at samba.org
Mon Dec 1 21:23:17 GMT 2008
The branch, master has been updated
via edde763d3f981f9ccdf65feffd85a591fb1708c1 (commit)
from 49a8bd5e14fdb78197fc821fca72f0ba201f5f39 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit edde763d3f981f9ccdf65feffd85a591fb1708c1
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Dec 1 13:22:55 2008 -0800
s3:smbd: correctly verify stream names to pass RAW-STREAMS
metze
-----------------------------------------------------------------------
Summary of changes:
source3/smbd/reply.c | 36 +++++++++++++++++++++++++++++++++++-
1 files changed, 35 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index d23f9c1..a1833b5 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -52,11 +52,45 @@ static NTSTATUS check_path_syntax_internal(char *path,
const char *s = path;
NTSTATUS ret = NT_STATUS_OK;
bool start_of_name_component = True;
+ bool stream_started = false;
*p_last_component_contains_wcard = False;
while (*s) {
- if (IS_PATH_SEP(*s,posix_path)) {
+ if (stream_started) {
+ switch (*s) {
+ case '/':
+ case '\\':
+ return NT_STATUS_OBJECT_NAME_INVALID;
+ case ':':
+ if (s[1] == '\0') {
+ return NT_STATUS_OBJECT_NAME_INVALID;
+ }
+ if (strchr_m(&s[1], ':')) {
+ return NT_STATUS_OBJECT_NAME_INVALID;
+ }
+ if (StrCaseCmp(s, ":$DATA") != 0) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ break;
+ }
+ }
+
+ if (!stream_started && *s == ':') {
+ if (*p_last_component_contains_wcard) {
+ return NT_STATUS_OBJECT_NAME_INVALID;
+ }
+ /* stream names allow more characters than file names */
+ stream_started = true;
+ start_of_name_component = false;
+ posix_path = true;
+
+ if (s[1] == '\0') {
+ return NT_STATUS_OBJECT_NAME_INVALID;
+ }
+ }
+
+ if (!stream_started && IS_PATH_SEP(*s,posix_path)) {
/*
* Safe to assume is not the second part of a mb char
* as this is handled below.
--
Samba Shared Repository
More information about the samba-cvs
mailing list