[SCM] Samba Shared Repository - branch v4-17-test updated
Jule Anger
janger at samba.org
Thu Jan 5 10:02:01 UTC 2023
The branch, v4-17-test has been updated
via 33a5ca2f999 s3: smbd: Strip any leading '\' characters if the SMB2 DFS flag is set.
from bc05daafbc6 s3:client: Fix a use-after-free issue in smbclient
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-17-test
- Log -----------------------------------------------------------------
commit 33a5ca2f999509373d502bb3617df44c519e243a
Author: Jeremy Allison <jra at samba.org>
Date: Tue Jan 3 18:28:54 2023 -0800
s3: smbd: Strip any leading '\\' characters if the SMB2 DFS flag is set.
MacOS clients send SMB2 DFS pathnames as \server\share\file\name.
Ensure smbd can cope with this by stipping any leading '\\'
characters from an SMB2 packet with the DFS flag set.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15277
NB. The test for this is not back-ported to
4.17 as there are too many changes in the
test infrastructure and supporting client
libraries between 4.17 and master.
Back-ported from c9a6e242d15ee707a2e30f973fd37e80b3225aca.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Thu Jan 5 10:01:54 UTC 2023 on sn-devel-184
-----------------------------------------------------------------------
Summary of changes:
source3/smbd/smb2_create.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/smb2_create.c b/source3/smbd/smb2_create.c
index 75b9c7d28ff..cee67eab2d1 100644
--- a/source3/smbd/smb2_create.c
+++ b/source3/smbd/smb2_create.c
@@ -771,6 +771,17 @@ static struct tevent_req *smbd_smb2_create_send(TALLOC_CTX *mem_ctx,
in_file_attributes &= ~FILE_FLAG_POSIX_SEMANTICS;
+ is_dfs = (smb1req->flags2 & FLAGS2_DFS_PATHNAMES);
+ if (is_dfs) {
+ /*
+ * With a DFS flag set, remove any leading '\\'
+ * characters from in_name before further processing.
+ */
+ while (in_name[0] == '\\') {
+ in_name++;
+ }
+ }
+
state->fname = talloc_strdup(state, in_name);
if (tevent_req_nomem(state->fname, req)) {
return tevent_req_post(req, state->ev);
@@ -961,8 +972,6 @@ static struct tevent_req *smbd_smb2_create_send(TALLOC_CTX *mem_ctx,
state->lease_ptr = NULL;
}
- is_dfs = (smb1req->flags2 & FLAGS2_DFS_PATHNAMES);
-
/* convert '\\' into '/' */
status = check_path_syntax_smb2(state->fname, is_dfs);
if (!NT_STATUS_IS_OK(status)) {
--
Samba Shared Repository
More information about the samba-cvs
mailing list