s3: smbd: Allow async dosmode to cope with ".." pathnames where we close smb_fname...
authorJeremy Allison <jra@samba.org>
Thu, 15 Jul 2021 04:30:09 +0000 (21:30 -0700)
committerRalph Boehme <slow@samba.org>
Wed, 28 Jul 2021 14:16:31 +0000 (14:16 +0000)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14759

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
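--- a/source3/smbd/dosmode.c
+++ b/source3/smbd/dosmode.c
@@ -814,15 +814,20 @@ struct tevent_req *dos_mode_at_send(TALLOC_CTX *mem_ctx,
        }
 
        if (smb_fname->fsp == NULL) {
-               /*
-                * The pathological case where a caller does
-                * dos_mode_at_send() and smb_fname points at a
-                * symlink in POSIX context. smb_fname->fsp is NULL.
-                *
-                * FIXME ? Should we move to returning
-                * FILE_ATTRIBUTE_REPARSE_POINT here ?
-                */
-               state->dosmode = FILE_ATTRIBUTE_NORMAL;
+               if (ISDOTDOT(smb_fname->base_name)) {
+                       /*
+                        * smb_fname->fsp is explicitly closed
+                        * for ".." to prevent meta-data leakage.
+                        */
+                       state->dosmode = FILE_ATTRIBUTE_DIRECTORY;
+               } else {
+                       /*
+                        * This is a symlink in POSIX context.
+                        * FIXME ? Should we move to returning
+                        * FILE_ATTRIBUTE_REPARSE_POINT here ?
+                        */
+                       state->dosmode = FILE_ATTRIBUTE_NORMAL;
+               }
                tevent_req_done(req);
                return tevent_req_post(req, ev);
        }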
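Review bot: The `else` branch under `smb_fname->fsp == NULL` still treats every remaining NULL-fsp name as a POSIX-context symlink, but nothing in the hunk verifies that, so a name that reaches it for any other reason is silently reported as `FILE_ATTRIBUTE_NORMAL`. Since the new `..` case shows that a NULL fsp now has more than one cause, the comment should state an assumption rather than a fact, e.g. `/* Assumed to be a symlink in POSIX context; not verified here. */`, and a debug-level log of `smb_fname->base_name` in that branch would make unexpected callers visible. The `..` comment would also be easier to audit if it named the place where the fsp is closed, so that the fixed `FILE_ATTRIBUTE_DIRECTORY` answer and the closing site stay in step. dos_mode_at_send() starts and ends outside the hunk.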