1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00

s3:smbd: let openat_pathref_dirfsp_nosymlink() do a verification loop against . and .. first

I guess we should catch NT_STATUS_OBJECT_NAME_INVALID first,
currently the check is already done in check_path_syntax*,
but we may remove it in future.

But the most important reason for this is the
openat2(RESOLVE_NO_SYMLINK) optimization, which will
be introduced in the following commits.

Review with: git show -w

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
This commit is contained in:
Stefan Metzmacher 2022-08-10 22:01:10 +02:00 committed by Volker Lendecke
parent f7dc275583
commit 17484d069b

View File

@ -793,22 +793,45 @@ NTSTATUS openat_pathref_dirfsp_nosymlink(
goto nomem;
}
/*
* First split the path into individual components.
*/
path = path_to_strv(talloc_tos(), path_in);
if (path == NULL) {
DBG_DEBUG("path_to_strv() failed\n");
goto nomem;
}
rel_fname.base_name = path;
/*
* First we loop over all components
* in order to verify, there's no '.' or '..'
*/
rel_fname.base_name = path;
while (rel_fname.base_name != NULL) {
next = strv_next(path, rel_fname.base_name);
if (ISDOT(rel_fname.base_name) || ISDOTDOT(rel_fname.base_name)) {
DBG_DEBUG("%s contains a dot\n", path_in);
status = NT_STATUS_OBJECT_NAME_INVALID;
goto fail;
}
rel_fname.base_name = next;
}
/*
* Now we loop over all components
* opening each one and using it
* as dirfd for the next one.
*
* It means we can detect symlinks
* within the path.
*/
rel_fname.base_name = path;
next:
next = strv_next(path, rel_fname.base_name);
if (ISDOT(rel_fname.base_name) || ISDOTDOT(rel_fname.base_name)) {
DBG_DEBUG("%s contains a dot\n", path_in);
status = NT_STATUS_OBJECT_NAME_INVALID;
goto fail;
}
fd = SMB_VFS_OPENAT(
conn,
dirfsp,