From: Jeremy Allison <jra@samba.org>
Date: Thu, 19 Jan 2017 23:18:41 +0000 (-0800)
Subject: s3: lib: Fix two old, old bugs in set_conn_connectpath(), now in canonicalize_absolut... 
X-Git-Url: http://git.samba.org/?a=commitdiff_plain;h=82979afc46cc5e466bdd999a94080e7a5df95518;p=mat%2Fsamba.git

s3: lib: Fix two old, old bugs in set_conn_connectpath(), now in canonicalize_absolute_path().

Canonicalizing a path of /foo/bar/../baz would return /foo/barbaz
as moving forward 3 characters would delete the / character.

Canonicalizing /foo/.. would end up as '\0'.

Test to follow.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12531

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
---

diff --git a/source3/lib/util_path.c b/source3/lib/util_path.c
index cbad2e15d4..6f58a03ae5 100644
--- a/source3/lib/util_path.c
+++ b/source3/lib/util_path.c
@@ -138,12 +138,8 @@ char *canonicalize_absolute_path(TALLOC_CTX *ctx, const char *abs_path)
 					(s[2] == '/' || s[2] == '\0')) {
 				/* Uh oh - "/../" or "/..\0" ! */
 
-				/* Go past the ../ or .. */
-				if (s[2] == '/') {
-					s += 3;
-				} else {
-					s += 2; /* Go past the .. */
-				}
+				/* Go past the .. leaving us on the / or '\0' */
+				s += 2;
 
 				/* If  we just added a '/' - delete it */
 				if ((d > destname) && (*(d-1) == '/')) {
@@ -169,6 +165,16 @@ char *canonicalize_absolute_path(TALLOC_CTX *ctx, const char *abs_path)
 						break;
 					}
 				}
+
+				/*
+				 * Are we at the start ?
+				 * Can't go back further if so.
+				 */
+				if (d <= destname) {
+					*d++ = '/'; /* Can't delete root */
+					continue;
+				}
+
 				/*
 				 * We're still at the start of a name
 				 * component, just the previous one.