From: Stefan Metzmacher <metze@samba.org>
Date: Mon, 1 Dec 2008 21:21:56 +0000 (-0800)
Subject: s3:smbd: correctly verify stream names to pass RAW-STREAMS
X-Git-Tag: build_3.3.2_ctdb_1~594
X-Git-Url: http://git.samba.org/?a=commitdiff_plain;h=a9f98bf0402d81c484155cdb81444d697d51decb;p=obnox%2Fsamba-ctdb.git

s3:smbd: correctly verify stream names to pass RAW-STREAMS

metze
(cherry picked from commit 6f8e7146cd51c81963f9e2830a4ed7e37eefdf1f)
---

diff --git a/source/smbd/reply.c b/source/smbd/reply.c
index 61988181dd..171e85b2a2 100644
--- a/source/smbd/reply.c
+++ b/source/smbd/reply.c
@@ -52,11 +52,45 @@ static NTSTATUS check_path_syntax_internal(char *path,
 	const char *s = path;
 	NTSTATUS ret = NT_STATUS_OK;
 	bool start_of_name_component = True;
+	bool stream_started = false;
 
 	*p_last_component_contains_wcard = False;
 
 	while (*s) {
-		if (IS_PATH_SEP(*s,posix_path)) {
+		if (stream_started) {
+			switch (*s) {
+			case '/':
+			case '\\':
+				return NT_STATUS_OBJECT_NAME_INVALID;
+			case ':':
+				if (s[1] == '\0') {
+					return NT_STATUS_OBJECT_NAME_INVALID;
+				}
+				if (strchr_m(&s[1], ':')) {
+					return NT_STATUS_OBJECT_NAME_INVALID;
+				}
+				if (StrCaseCmp(s, ":$DATA") != 0) {
+					return NT_STATUS_INVALID_PARAMETER;
+				}
+				break;
+			}
+		}
+
+		if (!stream_started && *s == ':') {
+			if (*p_last_component_contains_wcard) {
+				return NT_STATUS_OBJECT_NAME_INVALID;
+			}
+			/* stream names allow more characters than file names */
+			stream_started = true;
+			start_of_name_component = false;
+			posix_path = true;
+
+			if (s[1] == '\0') {
+				return NT_STATUS_OBJECT_NAME_INVALID;
+			}
+		}
+
+		if (!stream_started && IS_PATH_SEP(*s,posix_path)) {
 			/*
 			 * Safe to assume is not the second part of a mb char
 			 * as this is handled below.