diff options
| author | cperciva <cperciva@FreeBSD.org> | 2006-05-31 22:32:22 +0000 |
|---|---|---|
| committer | cperciva <cperciva@FreeBSD.org> | 2006-05-31 22:32:22 +0000 |
| commit | 4e501fd8a3d7b1224960a895553cb7554ab5263c (patch) | |
| tree | d8f9a485f92570b3c3e7ce9d0fe939bbc7cbc5c8 /sys/fs/smbfs | |
| parent | ea1857812cf3bac0a7519af233fd00f7d5d92f49 (diff) | |
| download | FreeBSD-src-4e501fd8a3d7b1224960a895553cb7554ab5263c.zip FreeBSD-src-4e501fd8a3d7b1224960a895553cb7554ab5263c.tar.gz | |
Enable inadvertantly disabled "securenet" access controls in ypserv. [1]
Correct a bug in the handling of backslash characters in smbfs which can
allow an attacker to escape from a chroot(2). [2]
Security: FreeBSD-SA-06:15.ypserv [1]
Security: FreeBSD-SA-06:16.smbfs [2]
Diffstat (limited to 'sys/fs/smbfs')
| -rw-r--r-- | sys/fs/smbfs/smbfs_vnops.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/sys/fs/smbfs/smbfs_vnops.c b/sys/fs/smbfs/smbfs_vnops.c index d741c06..ebdb309 100644 --- a/sys/fs/smbfs/smbfs_vnops.c +++ b/sys/fs/smbfs/smbfs_vnops.c @@ -1018,11 +1018,18 @@ smbfs_advlock(ap) static int smbfs_pathcheck(struct smbmount *smp, const char *name, int nmlen, int nameiop) { - static const char *badchars = "*/\\:<>;?"; + static const char *badchars = "*/:<>;?"; static const char *badchars83 = " +|,[]="; const char *cp; int i, error; + /* + * Backslash characters, being a path delimiter, are prohibited + * within a path component even for LOOKUP operations. + */ + if (index(name, '\\') != NULL) + return ENOENT; + if (nameiop == LOOKUP) return 0; error = ENOENT; |
