From 4a80289db728d5a4c41144fd7ef8a567f30263d2 Mon Sep 17 00:00:00 2001 From: Jeffrey Altman Date: Wed, 10 Oct 2007 19:50:25 +0000 Subject: [PATCH] windows-freelance-pioctl-two-20071010 explicitly process the last component of the path separately and do not follow symlinks or chase mountpoints on the last component. --- src/WINNT/afsd/cm_ioctl.c | 61 ++++++++++++++++++++++++++++++++++----- 1 file changed, 53 insertions(+), 8 deletions(-) diff --git a/src/WINNT/afsd/cm_ioctl.c b/src/WINNT/afsd/cm_ioctl.c index 2f8e759b0..d492fadbe 100644 --- a/src/WINNT/afsd/cm_ioctl.c +++ b/src/WINNT/afsd/cm_ioctl.c @@ -199,8 +199,10 @@ long cm_ParseIoctlPath(smb_ioctl_t *ioctlp, cm_user_t *userp, cm_req_t *reqp, long code; #ifndef AFSIFS cm_scache_t *substRootp = NULL; + cm_scache_t *iscp = NULL; #endif char * relativePath = ioctlp->inDatap; + char * lastComponent = NULL; afs_uint32 follow = 0; osi_Log1(afsd_logp, "cm_ParseIoctlPath %s", osi_LogSaveString(afsd_logp,relativePath)); @@ -228,6 +230,7 @@ long cm_ParseIoctlPath(smb_ioctl_t *ioctlp, cm_user_t *userp, cm_req_t *reqp, return code; } #else /* AFSIFS */ + if (relativePath[0] == relativePath[1] && relativePath[1] == '\\' && !_strnicmp(cm_NetbiosName,relativePath+2,strlen(cm_NetbiosName))) @@ -264,8 +267,22 @@ long cm_ParseIoctlPath(smb_ioctl_t *ioctlp, cm_user_t *userp, cm_req_t *reqp, return code; } - code = cm_NameI(substRootp, p, CM_FLAG_CASEFOLD | follow, - userp, NULL, reqp, scpp); + lastComponent = strrchr(p, '\\'); + if (lastComponent && strlen(p) > 1) { + *lastComponent = '\0'; + lastComponent++; + + code = cm_NameI(substRootp, p, CM_FLAG_CASEFOLD | CM_FLAG_FOLLOW, + userp, NULL, reqp, &iscp); + if (code == 0) + code = cm_NameI(iscp, lastComponent, CM_FLAG_CASEFOLD | CM_FLAG_NOMOUNTCHASE, + userp, NULL, reqp, scpp); + if (iscp) + cm_ReleaseSCache(iscp); + } else { + code = cm_NameI(substRootp, p, CM_FLAG_CASEFOLD | CM_FLAG_NOMOUNTCHASE, + userp, NULL, reqp, scpp); + } cm_ReleaseSCache(substRootp); if (code) { osi_Log1(afsd_logp,"cm_ParseIoctlPath [2] code 0x%x", code); @@ -297,9 +314,24 @@ long cm_ParseIoctlPath(smb_ioctl_t *ioctlp, cm_user_t *userp, cm_req_t *reqp, return code; } - code = cm_NameI(substRootp, p, CM_FLAG_CASEFOLD | follow, - userp, NULL, reqp, scpp); - if (code) { + lastComponent = strrchr(p, '\\'); + if (lastComponent && strlen(p) > 1) { + *lastComponent = '\0'; + lastComponent++; + + code = cm_NameI(substRootp, p, CM_FLAG_CASEFOLD | CM_FLAG_FOLLOW, + userp, NULL, reqp, &iscp); + if (code == 0) + code = cm_NameI(iscp, lastComponent, CM_FLAG_CASEFOLD | CM_FLAG_NOMOUNTCHASE, + userp, NULL, reqp, scpp); + if (iscp) + cm_ReleaseSCache(iscp); + } else { + code = cm_NameI(substRootp, p, CM_FLAG_CASEFOLD | CM_FLAG_NOMOUNTCHASE, + userp, NULL, reqp, scpp); + } + + if (code) { cm_ReleaseSCache(substRootp); osi_Log1(afsd_logp,"cm_ParseIoctlPath code [4] 0x%x", code); return code; @@ -314,9 +346,22 @@ long cm_ParseIoctlPath(smb_ioctl_t *ioctlp, cm_user_t *userp, cm_req_t *reqp, return code; } - code = cm_NameI(substRootp, relativePath, - CM_FLAG_CASEFOLD | follow, - userp, NULL, reqp, scpp); + lastComponent = strrchr(relativePath, '\\'); + if (lastComponent && strlen(relativePath) > 1) { + *lastComponent = '\0'; + lastComponent++; + + code = cm_NameI(substRootp, relativePath, CM_FLAG_CASEFOLD | CM_FLAG_FOLLOW, + userp, NULL, reqp, &iscp); + if (code == 0) + code = cm_NameI(iscp, lastComponent, CM_FLAG_CASEFOLD | CM_FLAG_NOMOUNTCHASE, + userp, NULL, reqp, scpp); + if (iscp) + cm_ReleaseSCache(iscp); + } else { + code = cm_NameI(substRootp, relativePath, CM_FLAG_CASEFOLD | CM_FLAG_NOMOUNTCHASE, + userp, NULL, reqp, scpp); + } if (code) { cm_ReleaseSCache(substRootp); osi_Log1(afsd_logp,"cm_ParseIoctlPath [7] code 0x%x", code); -- 2.39.5