r6977: Fix bug #2735 (not mangling control characters) plus

ensure we don't create files with control characters
either.
Jeremy.

3 files changed, 15 insertions, 0 deletions

diff --git a/source/smbd/mangle_hash.c b/source/smbd/mangle_hash.c
index fee386d6db9..871702623a8 100644
--- a/source/smbd/mangle_hash.c
+++ b/source/smbd/mangle_hash.c
@@ -95,6 +95,10 @@ static NTSTATUS has_illegal_chars(const smb_ucs2_t *s, BOOL allow_wildcards)
 	}
 
 	while (*s) {
+		if (*s <= 0x1f) {
+			/* Control characters. */
+			return NT_STATUS_UNSUCCESSFUL;
+		}
 		switch(*s) {
 			case UCS2_CHAR('\\'):
 			case UCS2_CHAR('/'):
diff --git a/source/smbd/mangle_hash2.c b/source/smbd/mangle_hash2.c
index 6a8462ee3d0..4325c07f580 100644
--- a/source/smbd/mangle_hash2.c
+++ b/source/smbd/mangle_hash2.c
@@ -633,6 +633,11 @@ static void init_tables(void)
 	memset(char_flags, 0, sizeof(char_flags));
 
 	for (i=1;i<128;i++) {
+		if (i <= 0x1f) {
+			/* Control characters. */
+			char_flags[i] |= FLAG_ILLEGAL;
+		}
+
 		if ((i >= '0' && i <= '9') || 
 		    (i >= 'a' && i <= 'z') || 
 		    (i >= 'A' && i <= 'Z')) {
diff --git a/source/smbd/reply.c b/source/smbd/reply.c
index 686f54c5e71..1c2e9508367 100644
--- a/source/smbd/reply.c
+++ b/source/smbd/reply.c
@@ -118,6 +118,9 @@ NTSTATUS check_path_syntax(pstring destname, const pstring srcname)
 		}
 
 		if (!(*s & 0x80)) {
+			if (*s <= 0x1f) {
+				return NT_STATUS_OBJECT_NAME_INVALID;
+			}
 			switch (*s) {
 				case '*':
 				case '?':
@@ -244,6 +247,9 @@ NTSTATUS check_path_syntax_wcard(pstring destname, const pstring srcname)
 		}
 
 		if (!(*s & 0x80)) {
+			if (*s <= 0x1f) {
+				return NT_STATUS_OBJECT_NAME_INVALID;
+			}
 			*d++ = *s++;
 		} else {
 			switch(next_mb_char_size(s)) {