andy/glusterfs
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

server-protocol: don't allow '../' path in 'name'

Browse Source 
This will prevent any arbitrary file creation through glusterfs
by modifying the client bits.

Also check for the similar flaw inside posix too, so we prevent any
changes in layers in-between.

Fixes: bz#1625095

Signed-off-by: Amar Tumballi <amarts@redhat.com>
Change-Id: Id9fe0ef6e86459e8ed85ab947d977f058c5ae06e
This commit is contained in:
Amar Tumballi 2018-08-09 13:00:01 +05:30
parent cc3271ebf3
commit 9ae986f18c
2 changed files with 18 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
xlators/protocol/server/src/server-resolve.c
View File

@ -311,6 +311,18 @@ resolve_entry_simple (call_frame_t *frame)
/* expected @parent was found from the inode cache */
gf_uuid_copy (state->loc_now->pargfid, resolve->pargfid);
state->loc_now->parent = inode_ref (parent);
if (strstr (resolve->bname, "../")) {
/* Resolving outside the parent's tree is not allowed */
gf_msg (this->name, GF_LOG_ERROR, EPERM,
PS_MSG_GFID_RESOLVE_FAILED,
"%s: path sent by client not allowed",
resolve->bname);
resolve->op_ret = -1;
resolve->op_errno = EPERM;
ret = 1;
goto out;
}
state->loc_now->name = resolve->bname;
inode = inode_grep (state->itable, parent, resolve->bname);

6
xlators/storage/posix/src/posix-handle.h
View File

@ -142,6 +142,12 @@
break; \
} \
\
if (strstr (loc->name, "../")) { \
gf_msg (this->name, GF_LOG_ERROR, 0, P_MSG_ENTRY_HANDLE_CREATE, \
"'../' in name not allowed: (%s)", loc->name); \
op_ret = -1; \
break; \
} \
if (LOC_HAS_ABSPATH (loc)) { \
MAKE_REAL_PATH (entp, this, loc->path); \
__parp = strdupa (entp); \