1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-18 06:04:06 +03:00

CVE-2023-34968: lib: Move subdir_of() to source3/lib/util_path.c

Make it available for other components

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15207
Signed-off-by: Volker Lendecke <vl@samba.org>
(backported from commit d905dbddf8d2655e6c91752b750cbe9c15837ee5)
[slow@samba.org: subdir_of() didn't exist yet in 4.16 so this just adds it]
This commit is contained in:
Volker Lendecke 2022-10-15 13:29:14 +02:00 committed by Jule Anger
parent 5b4353cc60
commit 843ec381de
2 changed files with 56 additions and 0 deletions

View File

@ -23,6 +23,8 @@
#include "replace.h"
#include <talloc.h>
#include "lib/util/debug.h"
#include "lib/util/fault.h"
#include "lib/util/samba_util.h"
#include "lib/util_path.h"
@ -210,3 +212,53 @@ char *canonicalize_absolute_path(TALLOC_CTX *ctx, const char *pathname_in)
*p++ = '\0';
return pathname;
}
/*
* Take two absolute paths, figure out if "subdir" is a proper
* subdirectory of "parent". Return the component relative to the
* "parent" without the potential "/". Take care of "parent"
* possibly ending in "/".
*/
bool subdir_of(const char *parent,
size_t parent_len,
const char *subdir,
const char **_relative)
{
const char *relative = NULL;
bool matched;
SMB_ASSERT(parent[0] == '/');
SMB_ASSERT(subdir[0] == '/');
if (parent_len == 1) {
/*
* Everything is below "/"
*/
*_relative = subdir+1;
return true;
}
if (parent[parent_len-1] == '/') {
parent_len -= 1;
}
matched = (strncmp(subdir, parent, parent_len) == 0);
if (!matched) {
return false;
}
relative = &subdir[parent_len];
if (relative[0] == '\0') {
*_relative = relative; /* nothing left */
return true;
}
if (relative[0] == '/') {
/* End of parent must match a '/' in subdir. */
*_relative = relative+1;
return true;
}
return false;
}

View File

@ -31,5 +31,9 @@ char *lock_path(TALLOC_CTX *mem_ctx, const char *name);
char *state_path(TALLOC_CTX *mem_ctx, const char *name);
char *cache_path(TALLOC_CTX *mem_ctx, const char *name);
char *canonicalize_absolute_path(TALLOC_CTX *ctx, const char *abs_path);
bool subdir_of(const char *parent,
size_t parent_len,
const char *subdir,
const char **_relative);
#endif