sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-20 22:50:26 +03:00
Code

CVE-2022-3592 smbd: No empty path components in openat_pathref_dirfsp_nosymlink()

Browse Source 
Upper layers must have filtered this, everything else is a bug

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15207
Signed-off-by: Volker Lendecke <vl@samba.org>
This commit is contained in:
Volker Lendecke 2022-10-17 18:06:02 +02:00 committed by Jule Anger
parent 3007e32072
commit 4fbcfb285a
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
source3/smbd/files.c
View File

@ -817,6 +817,12 @@ NTSTATUS openat_pathref_dirfsp_nosymlink(
next = strv_next(path, rel_fname.base_name);
/*
* Path sanitizing further up has cleaned or rejected
* empty path components. Assert this here.
*/
SMB_ASSERT(rel_fname.base_name[0] != '\0');
if (ISDOT(rel_fname.base_name) || ISDOTDOT(rel_fname.base_name)) {
DBG_DEBUG("%s contains a dot\n", path_in);
status = NT_STATUS_OBJECT_NAME_INVALID;