forked from Lainports/freebsd-ports
fe49557452
The security defects addressed in these fixes are described at https://www.samba.org/samba/history/samba-4.16.11.html PR: 273595 Approved by: maintainer timeout
101 lines
2.7 KiB
Diff
101 lines
2.7 KiB
Diff
From 617bc2ee68d2213517c32f1c5cd44edc32817e41 Mon Sep 17 00:00:00 2001
|
|
From: Volker Lendecke <vl@samba.org>
|
|
Date: Sat, 15 Oct 2022 13:29:14 +0200
|
|
Subject: [PATCH 10/21] CVE-2023-34968: lib: Move subdir_of() to
|
|
source3/lib/util_path.c
|
|
|
|
Make it available for other components
|
|
|
|
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15207
|
|
Signed-off-by: Volker Lendecke <vl@samba.org>
|
|
(backported from commit d905dbddf8d2655e6c91752b750cbe9c15837ee5)
|
|
[slow@samba.org: subdir_of() didn't exist yet in 4.16 so this just adds it]
|
|
---
|
|
source3/lib/util_path.c | 52 +++++++++++++++++++++++++++++++++++++++++
|
|
source3/lib/util_path.h | 4 ++++
|
|
2 files changed, 56 insertions(+)
|
|
|
|
diff --git a/source3/lib/util_path.c b/source3/lib/util_path.c
|
|
index c34b734384c..e6bed724551 100644
|
|
--- a/source3/lib/util_path.c
|
|
+++ b/source3/lib/util_path.c
|
|
@@ -23,6 +23,8 @@
|
|
|
|
#include "replace.h"
|
|
#include <talloc.h>
|
|
+#include "lib/util/debug.h"
|
|
+#include "lib/util/fault.h"
|
|
#include "lib/util/samba_util.h"
|
|
#include "lib/util_path.h"
|
|
|
|
@@ -210,3 +212,53 @@ char *canonicalize_absolute_path(TALLOC_CTX *ctx, const char *pathname_in)
|
|
*p++ = '\0';
|
|
return pathname;
|
|
}
|
|
+
|
|
+/*
|
|
+ * Take two absolute paths, figure out if "subdir" is a proper
|
|
+ * subdirectory of "parent". Return the component relative to the
|
|
+ * "parent" without the potential "/". Take care of "parent"
|
|
+ * possibly ending in "/".
|
|
+ */
|
|
+bool subdir_of(const char *parent,
|
|
+ size_t parent_len,
|
|
+ const char *subdir,
|
|
+ const char **_relative)
|
|
+{
|
|
+ const char *relative = NULL;
|
|
+ bool matched;
|
|
+
|
|
+ SMB_ASSERT(parent[0] == '/');
|
|
+ SMB_ASSERT(subdir[0] == '/');
|
|
+
|
|
+ if (parent_len == 1) {
|
|
+ /*
|
|
+ * Everything is below "/"
|
|
+ */
|
|
+ *_relative = subdir+1;
|
|
+ return true;
|
|
+ }
|
|
+
|
|
+ if (parent[parent_len-1] == '/') {
|
|
+ parent_len -= 1;
|
|
+ }
|
|
+
|
|
+ matched = (strncmp(subdir, parent, parent_len) == 0);
|
|
+ if (!matched) {
|
|
+ return false;
|
|
+ }
|
|
+
|
|
+ relative = &subdir[parent_len];
|
|
+
|
|
+ if (relative[0] == '\0') {
|
|
+ *_relative = relative; /* nothing left */
|
|
+ return true;
|
|
+ }
|
|
+
|
|
+ if (relative[0] == '/') {
|
|
+ /* End of parent must match a '/' in subdir. */
|
|
+ *_relative = relative+1;
|
|
+ return true;
|
|
+ }
|
|
+
|
|
+ return false;
|
|
+}
|
|
diff --git a/source3/lib/util_path.h b/source3/lib/util_path.h
|
|
index 3e7d04de550..0ea508bf5bb 100644
|
|
--- a/source3/lib/util_path.h
|
|
+++ b/source3/lib/util_path.h
|
|
@@ -31,5 +31,9 @@ char *lock_path(TALLOC_CTX *mem_ctx, const char *name);
|
|
char *state_path(TALLOC_CTX *mem_ctx, const char *name);
|
|
char *cache_path(TALLOC_CTX *mem_ctx, const char *name);
|
|
char *canonicalize_absolute_path(TALLOC_CTX *ctx, const char *abs_path);
|
|
+bool subdir_of(const char *parent,
|
|
+ size_t parent_len,
|
|
+ const char *subdir,
|
|
+ const char **_relative);
|
|
|
|
#endif
|
|
--
|
|
2.41.0
|
|
|