[PATCH] s3/rpc_server: Character Encode Spotlight Queries

Jeremy Allison jra at samba.org
Mon Jul 9 18:27:49 UTC 2018


On Sat, Jul 07, 2018 at 11:03:14AM +0200, Ralph Böhme via samba-technical wrote:
> Hi!
> 
> Attached find a patch for the Spotlight RPC server. Please review&push if
> happy. Thanks!

Looks OK from a C point of view, just a quick question
on semantics before I RB+ though.

"scope" comes from the user query (i.e. client specified)
yeah ?

What implication does G_URI_RESERVED_CHARS_ALLOWED_IN_PATH
have on g_uri_escape_string() ?

Can you give me a quick overview on the security implications
of this ?

Cheers,

	Jeremy.

> -- 
> Ralph Boehme, Samba Team       https://samba.org/
> Samba Developer, SerNet GmbH   https://sernet.de/en/samba/
> GPG Key Fingerprint:           FAE2 C608 8A24 2520 51C5
>                               59E4 AA1E 9B71 2639 9E46

> From 9de5db6461d781dc6a2355c8fa41c36c272dbcaa Mon Sep 17 00:00:00 2001
> From: Ralph Boehme <slow at samba.org>
> Date: Wed, 15 Mar 2017 13:38:19 +0100
> Subject: [PATCH] s3/rpc_server: Character Encode Spotlight Queries
> 
> Fix path escaping in Spotlight so paths with spaces or special
> characters can be properly matched to tracker paths.
> 
> Bug: https://bugzilla.samba.org/show_bug.cgi?id=12688
> 
> Based-on-a-patch-from: Mike M Pestorich <mmpestorich at gmail.com>
> (similar to github.com/netatalk/netatalk/commit/90aa43d)
> 
> Signed-off-by: Ralph Boehme <slow at samba.org>
> ---
>  source3/rpc_server/mdssvc/mdssvc.c | 16 +++++++++++++---
>  1 file changed, 13 insertions(+), 3 deletions(-)
> 
> diff --git a/source3/rpc_server/mdssvc/mdssvc.c b/source3/rpc_server/mdssvc/mdssvc.c
> index 9be0cc48877..5a63d379738 100644
> --- a/source3/rpc_server/mdssvc/mdssvc.c
> +++ b/source3/rpc_server/mdssvc/mdssvc.c
> @@ -1136,6 +1136,8 @@ static bool slrpc_open_query(struct mds_ctx *mds_ctx,
>  	struct sl_query *slq = NULL;
>  	int result;
>  	char *querystring;
> +	char *scope = NULL;
> +	char *escaped_scope = NULL;
>  
>  	array = dalloc_zero(reply, sl_array_t);
>  	if (array == NULL) {
> @@ -1214,12 +1216,20 @@ static bool slrpc_open_query(struct mds_ctx *mds_ctx,
>  		goto error;
>  	}
>  
> -	slq->path_scope = dalloc_get(path_scope, "char *", 0);
> -	if (slq->path_scope == NULL) {
> +	scope = dalloc_get(path_scope, "char *", 0);
> +	if (scope == NULL) {
> +		goto error;
> +	}
> +
> +	escaped_scope = g_uri_escape_string(scope,
> +					    G_URI_RESERVED_CHARS_ALLOWED_IN_PATH,
> +					    TRUE);
> +	if (escaped_scope == NULL) {
>  		goto error;
>  	}
>  
> -	slq->path_scope = talloc_strdup(slq, slq->path_scope);
> +	slq->path_scope = talloc_strdup(slq, escaped_scope);
> +	g_free(escaped_scope);
>  	if (slq->path_scope == NULL) {
>  		goto error;
>  	}
> -- 
> 2.13.6
> 




More information about the samba-technical mailing list