sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-08 21:18:16 +03:00
Code

CVE-2022-3592 lib: Move subdir_of() to source3/lib/util_path.c

Browse Source 
Make it available for other components

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15207
Signed-off-by: Volker Lendecke <vl@samba.org>
This commit is contained in:
Volker Lendecke 2022-10-15 13:29:14 +02:00 committed by Jule Anger
parent fbc0feeca4
commit d905dbddf8
3 changed files with 54 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
source3/lib/util_path.c
View File

@ -304,3 +304,53 @@ bool extract_snapshot_token(char *fname, NTTIME *twrp)
return true; return true;
} }
/*
* Take two absolute paths, figure out if "subdir" is a proper
* subdirectory of "parent". Return the component relative to the
* "parent" without the potential "/". Take care of "parent"
* possibly ending in "/".
*/
bool subdir_of(const char *parent,
size_t parent_len,
const char *subdir,
const char **_relative)
{
const char *relative = NULL;
bool matched;
SMB_ASSERT(parent[0] == '/');
SMB_ASSERT(subdir[0] == '/');
if (parent_len == 1) {
/*
* Everything is below "/"
*/
*_relative = subdir+1;
return true;
}
if (parent[parent_len-1] == '/') {
parent_len -= 1;
}
matched = (strncmp(subdir, parent, parent_len) == 0);
if (!matched) {
return false;
}
relative = &subdir[parent_len];
if (relative[0] == '\0') {
*_relative = relative; /* nothing left */
return true;
}
if (relative[0] == '/') {
/* End of parent must match a '/' in subdir. */
*_relative = relative+1;
return true;
}
return false;
}

4
source3/lib/util_path.h
View File

@ -49,5 +49,9 @@ bool clistr_is_previous_version_path(const char *path,
const char **startp, const char **startp,
const char **endp, const char **endp,
NTTIME *ptwrp); NTTIME *ptwrp);
bool subdir_of(const char *parent,
size_t parent_len,
const char *subdir,
const char **_relative);
#endif #endif

52
source3/smbd/open.c
View File

@ -475,58 +475,6 @@ static NTSTATUS check_base_file_access(struct files_struct *fsp,
access_mask); access_mask);
} }
/*
* Take two absolute paths, figure out if "subdir" is a proper
* subdirectory of "parent". Return the component relative to the
* "parent" without the potential "/". Take care of "parent"
* possibly ending in "/".
*/
static bool subdir_of(
const char *parent,
size_t parent_len,
const char *subdir,
const char **_relative)
{
const char *relative = NULL;
bool matched;
SMB_ASSERT(parent[0] == '/');
SMB_ASSERT(subdir[0] == '/');
if (parent_len == 1) {
/*
* Everything is below "/"
*/
*_relative = subdir+1;
return true;
}
if (parent[parent_len-1] == '/') {
parent_len -= 1;
}
matched = (strncmp(subdir, parent, parent_len) == 0);
if (!matched) {
return false;
}
relative = &subdir[parent_len];
if (relative[0] == '\0') {
*_relative = relative; /* nothing left */
return true;
}
if (relative[0] == '/') {
/* End of parent must match a '/' in subdir. */
*_relative = relative+1;
return true;
}
return false;
}
static NTSTATUS chdir_below_conn( static NTSTATUS chdir_below_conn(
TALLOC_CTX *mem_ctx, TALLOC_CTX *mem_ctx,
connection_struct *conn, connection_struct *conn,