diff options
| author | Jeremy Allison <jra@samba.org> | 2014-06-16 14:28:11 -0700 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2014-06-18 07:15:13 +0200 |
| commit | 22c974f57bab050e56e268e7ccfa2f93cae2093e (patch) | |
| tree | 221cfb59d5393d1bb7e22848f869e2099cffc08a | |
| parent | 1c44d9a3e1f0ffdb3848c6a7b1e01057a42d5359 (diff) | |
| download | samba-22c974f57bab050e56e268e7ccfa2f93cae2093e.tar.gz samba-22c974f57bab050e56e268e7ccfa2f93cae2093e.tar.xz samba-22c974f57bab050e56e268e7ccfa2f93cae2093e.zip | |
s3: smb2 - strictly obey file name restrictions w.r.t. the SMB2 protocol spec.
MS-SMB2: 3.3.5.9 - Receiving an SMB2 CREATE Request
If the file name length is greater than zero and the
first character is a path separator character, the
server MUST fail the request with
STATUS_INVALID_PARAMETER.
Found and fix confirmed by Microsoft test tool.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
| -rw-r--r-- | source3/smbd/smb2_create.c | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/source3/smbd/smb2_create.c b/source3/smbd/smb2_create.c index 4bb28d44e7..4e2e6bc3ff 100644 --- a/source3/smbd/smb2_create.c +++ b/source3/smbd/smb2_create.c @@ -922,6 +922,22 @@ static struct tevent_req *smbd_smb2_create_send(TALLOC_CTX *mem_ctx, return tevent_req_post(req, ev); } + /* + * We know we're going to do a local open, so now + * we must be protocol strict. JRA. + * + * MS-SMB2: 3.3.5.9 - Receiving an SMB2 CREATE Request + * If the file name length is greater than zero and the + * first character is a path separator character, the + * server MUST fail the request with + * STATUS_INVALID_PARAMETER. + */ + if (in_name[0] == '\\' || in_name[0] == '/') { + tevent_req_nterror(req, + NT_STATUS_INVALID_PARAMETER); + return tevent_req_post(req, ev); + } + status = SMB_VFS_CREATE_FILE(smb1req->conn, smb1req, 0, /* root_dir_fid */ |