Re: [PATCH v4] ksmbd: use LOOKUP_BENEATH to prevent the out of share access

Namjae Jeon <linkinjeon@xxxxxxxxxx> · Sat, 25 Sep 2021 09:08:15 +0900

2021-09-25 2:20 GMT+09:00, Jeremy Allison <jra@xxxxxxxxx>:
> On Sat, Sep 25, 2021 at 12:06:16AM +0900, Hyunchul Lee wrote:
>>instead of removing '..' in a given path, call
>>kern_path with LOOKUP_BENEATH flag to prevent
>>the out of share access.
>>
>>ran various test on this:
>>smb2-cat-async smb://127.0.0.1/homes/../out_of_share
>>smb2-cat-async smb://127.0.0.1/homes/foo/../../out_of_share
>>smbclient //127.0.0.1/homes -c "mkdir ../foo2"
>>smbclient //127.0.0.1/homes -c "rename bar ../bar"
>
> FYI, MS-FSCC states:
>
> "Except where explicitly permitted, a pathname component that is a dot
> directory name MUST NOT
> be sent over the wire."
>
> so it might be easier to just refuse with an
> error a pathname containing "." or ".." on input
> processing rather than try and deal with it.
>
> Might be interesting to test this against a
> Windows server and see what it does here.
When I have tested it, it's allowed...

$ ./examples/smb2-ls-async smb://172.30.1.42/homes2/foo/./bar/../
bar                  DIRECTORY               0 Sat Sep 25 08:50:02 2021

..                   DIRECTORY               0 Sat Sep 25 09:02:12 2021

.                    DIRECTORY               0 Sat Sep 25 09:02:12 2021

When last component is dotdot(..) and first component is dot(.),  it
seem to refuse connection.

$ ./examples/smb2-ls-async smb://172.30.1.42/homes2/../
failed to create/open directory (Invalid argument) Opendir failed with
(0xc000000d) STATUS_INVALID_PARAMETER.

$ ./examples/smb2-ls-async smb://172.30.1.42/homes2/./
failed to create/open directory (Input/output error) Opendir failed
with (0xc0000033) STATUS_OBJECT_NAME_INVALID.

./examples/smb2-ls-async smb://172.30.1.42/homes2/foo/../
failed to create/open directory (Invalid argument) Opendir failed with
(0xc000000d) STATUS_INVALID_PARAMETER.

$ ./examples/smb2-ls-async smb://172.30.1.42/homes2/./foo
failed to create/open directory (No such file or directory) Opendir
failed with (0xc000003a) STATUS_OBJECT_PATH_NOT_FOUND.

$ ./examples/smb2-ls-async smb://172.30.1.42/homes2/foo/.
bar                  DIRECTORY               0 Sat Sep 25 08:50:02 2021

..                   DIRECTORY               0 Sat Sep 25 09:02:12 2021

.                    DIRECTORY               0 Sat Sep 25 09:02:12 2021

>