IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Commit 7606c0db25 fixes the
path checks in check_reduced_name[_with_privilege]() to
prevent unintended access via wide links.
The fix fails to correctly treat a corner case where the share
path is "/". This case is important for some real world
scenarios, notably the use of the glusterfs VFS module:
For the share path "/", the newly introduced checks deny all
operations in the share.
This change fixes the checks for the corner case.
The point is that the assumptions on which the original
checks are based are not true for the rootdir "/" case.
This is the case where the rootdir starts _and ends_ with
a slash. Hence a subdirectory does not continue with a
slash after the rootdir, since the candidate path has
been normalized.
This fix just omits the string comparison and the
next character checks in the case of rootdir "/",
which is correct because we know that the candidate
path is normalized and hence starts with a '/'.
The patch is fairly minimal, but changes indentation,
hence best viewed with 'git show -w'.
A side effect is that the rootdir="/" case needs
one strncmp less.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11647
Pair-Programmed-With: Jose A. Rivera <jarrpa@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Jose A. Rivera <jarrpa@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Dec 24 00:57:31 CET 2015 on sn-devel-144