diff options
author | Steve French <sfrench@us.ibm.com> | 2006-04-21 18:18:37 +0000 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@suse.de> | 2006-04-24 13:06:59 -0700 |
commit | 5c521ce6afd3509df37117d78c711d18dd5c0a70 (patch) | |
tree | 3796d1d1397571d6e96fe6dcf3788fa987d449e8 | |
parent | 834f514019e01f87657a257dae0fbbae1006ec2a (diff) | |
download | kernel-common-5c521ce6afd3509df37117d78c711d18dd5c0a70.tar.gz kernel-common-5c521ce6afd3509df37117d78c711d18dd5c0a70.tar.bz2 kernel-common-5c521ce6afd3509df37117d78c711d18dd5c0a70.zip |
[PATCH] Don't allow a backslash in a path component (CVE-2006-1863)
Unless Posix paths have been negotiated, the backslash, "\", is not a valid
character in a path component.
Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-rw-r--r-- | fs/cifs/dir.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/fs/cifs/dir.c b/fs/cifs/dir.c index fed55e3c53df..5e562bc61245 100644 --- a/fs/cifs/dir.c +++ b/fs/cifs/dir.c @@ -441,6 +441,20 @@ cifs_lookup(struct inode *parent_dir_inode, struct dentry *direntry, struct name cifs_sb = CIFS_SB(parent_dir_inode->i_sb); pTcon = cifs_sb->tcon; + /* + * Don't allow the separator character in a path component. + * The VFS will not allow "/", but "\" is allowed by posix. + */ + if (!(cifs_sb->mnt_cifs_flags & CIFS_MOUNT_POSIX_PATHS)) { + int i; + for (i = 0; i < direntry->d_name.len; i++) + if (direntry->d_name.name[i] == '\\') { + cFYI(1, ("Invalid file name")); + FreeXid(xid); + return ERR_PTR(-EINVAL); + } + } + /* can not grab the rename sem here since it would deadlock in the cases (beginning of sys_rename itself) in which we already have the sb rename sem */ |