Re: [PATCH v4] ksmbd: use LOOKUP_BENEATH to prevent the out of share access

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, Sep 25, 2021 at 12:06:16AM +0900, Hyunchul Lee wrote:
instead of removing '..' in a given path, call
kern_path with LOOKUP_BENEATH flag to prevent
the out of share access.

ran various test on this:
smb2-cat-async smb://127.0.0.1/homes/../out_of_share
smb2-cat-async smb://127.0.0.1/homes/foo/../../out_of_share
smbclient //127.0.0.1/homes -c "mkdir ../foo2"
smbclient //127.0.0.1/homes -c "rename bar ../bar"

FYI, MS-FSCC states:

"Except where explicitly permitted, a pathname component that is a dot directory name MUST NOT
be sent over the wire."

so it might be easier to just refuse with an
error a pathname containing "." or ".." on input
processing rather than try and deal with it.

Might be interesting to test this against a
Windows server and see what it does here.



[Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux