mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
lib:util: Make probing of modules more secure
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12780 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
This commit is contained in:
parent
da9de19cf9
commit
91ef234a0a
@ -261,9 +261,73 @@ int smb_load_all_modules_absoute_path(const char **modules)
|
||||
return success;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Check if a module exist and load it.
|
||||
*
|
||||
* @param[in] subsystem The name of the subsystem the module belongs too.
|
||||
*
|
||||
* @param[in] module The name of the module
|
||||
*
|
||||
* @return A NTSTATUS code
|
||||
*/
|
||||
NTSTATUS smb_probe_module(const char *subsystem, const char *module)
|
||||
{
|
||||
return do_smb_load_module(subsystem, module, true);
|
||||
NTSTATUS status;
|
||||
char *module_path = NULL;
|
||||
TALLOC_CTX *tmp_ctx = talloc_stackframe();
|
||||
|
||||
if (subsystem == NULL) {
|
||||
status = NT_STATUS_INVALID_PARAMETER;
|
||||
goto done;
|
||||
}
|
||||
if (module == NULL) {
|
||||
status = NT_STATUS_INVALID_PARAMETER;
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (strchr(module, '/')) {
|
||||
status = NT_STATUS_INVALID_PARAMETER;
|
||||
goto done;
|
||||
}
|
||||
|
||||
module_path = talloc_asprintf(tmp_ctx,
|
||||
"%s/%s.%s",
|
||||
modules_path(tmp_ctx, subsystem),
|
||||
module,
|
||||
shlib_ext());
|
||||
if (module_path == NULL) {
|
||||
status = NT_STATUS_NO_MEMORY;
|
||||
goto done;
|
||||
}
|
||||
|
||||
status = load_module_absolute_path(module_path, true);
|
||||
|
||||
done:
|
||||
TALLOC_FREE(tmp_ctx);
|
||||
return status;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Check if a module exist and load it.
|
||||
*
|
||||
* Warning: Using this function can have security implecations!
|
||||
*
|
||||
* @param[in] subsystem The name of the subsystem the module belongs too.
|
||||
*
|
||||
* @param[in] module Load a module using an abolute path.
|
||||
*
|
||||
* @return A NTSTATUS code
|
||||
*/
|
||||
NTSTATUS smb_probe_module_absolute_path(const char *module)
|
||||
{
|
||||
if (module == NULL) {
|
||||
return NT_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
if (module[0] != '/') {
|
||||
return NT_STATUS_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
return load_module_absolute_path(module, true);
|
||||
}
|
||||
|
||||
NTSTATUS smb_load_module(const char *subsystem, const char *module)
|
||||
|
@ -55,6 +55,7 @@ init_module_fn *load_samba_modules(TALLOC_CTX *mem_ctx, const char *subsystem);
|
||||
|
||||
int smb_load_all_modules_absoute_path(const char **modules);
|
||||
NTSTATUS smb_probe_module(const char *subsystem, const char *module);
|
||||
NTSTATUS smb_probe_module_absolute_path(const char *module);
|
||||
NTSTATUS smb_load_module(const char *subsystem, const char *module);
|
||||
|
||||
#endif /* _SAMBA_MODULES_H */
|
||||
|
@ -144,7 +144,7 @@ static bool smb_load_perfcount_module(const char *name)
|
||||
|
||||
/* load the perfcounter module */
|
||||
if((entry = smb_perfcount_find_module(module_name)) ||
|
||||
(NT_STATUS_IS_OK(smb_probe_module("perfcount", module_path)) &&
|
||||
(NT_STATUS_IS_OK(smb_probe_module_absolute_path(module_path)) &&
|
||||
(entry = smb_perfcount_find_module(module_name)))) {
|
||||
|
||||
DEBUG(3,("Successfully loaded perfcounter module [%s] \n", name));
|
||||
|
Loading…
Reference in New Issue
Block a user