summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSteve French <sfrench@us.ibm.com>2006-04-21 18:18:37 +0000
committerGreg Kroah-Hartman <gregkh@suse.de>2006-04-24 13:06:59 -0700
commit5c521ce6afd3509df37117d78c711d18dd5c0a70 (patch)
tree3796d1d1397571d6e96fe6dcf3788fa987d449e8
parent834f514019e01f87657a257dae0fbbae1006ec2a (diff)
downloadkernel-common-5c521ce6afd3509df37117d78c711d18dd5c0a70.tar.gz
kernel-common-5c521ce6afd3509df37117d78c711d18dd5c0a70.tar.bz2
kernel-common-5c521ce6afd3509df37117d78c711d18dd5c0a70.zip
[PATCH] Don't allow a backslash in a path component (CVE-2006-1863)
Unless Posix paths have been negotiated, the backslash, "\", is not a valid character in a path component. Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com> Signed-off-by: Steve French <sfrench@us.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-rw-r--r--fs/cifs/dir.c14
1 files changed, 14 insertions, 0 deletions
diff --git a/fs/cifs/dir.c b/fs/cifs/dir.c
index fed55e3c53df..5e562bc61245 100644
--- a/fs/cifs/dir.c
+++ b/fs/cifs/dir.c
@@ -441,6 +441,20 @@ cifs_lookup(struct inode *parent_dir_inode, struct dentry *direntry, struct name
cifs_sb = CIFS_SB(parent_dir_inode->i_sb);
pTcon = cifs_sb->tcon;
+ /*
+ * Don't allow the separator character in a path component.
+ * The VFS will not allow "/", but "\" is allowed by posix.
+ */
+ if (!(cifs_sb->mnt_cifs_flags & CIFS_MOUNT_POSIX_PATHS)) {
+ int i;
+ for (i = 0; i < direntry->d_name.len; i++)
+ if (direntry->d_name.name[i] == '\\') {
+ cFYI(1, ("Invalid file name"));
+ FreeXid(xid);
+ return ERR_PTR(-EINVAL);
+ }
+ }
+
/* can not grab the rename sem here since it would
deadlock in the cases (beginning of sys_rename itself)
in which we already have the sb rename sem */