diff options
| author | Gordon Ross <gwr@racktopsystems.com> | 2021-10-01 17:24:38 -0400 |
|---|---|---|
| committer | Toomas Soome <tsoome@me.com> | 2022-09-26 18:03:54 +0300 |
| commit | 46a7047cf9615f69c4e19c75c66b808b68695bbe (patch) | |
| tree | 42c4d8236f8d5b7a77078d4d2064d5c934a15e9f | |
| parent | 76b0ca5a9552055cbe0fc7faabd3269bf63c4060 (diff) | |
| download | illumos-joyent-46a7047cf9615f69c4e19c75c66b808b68695bbe.tar.gz | |
14999 SMB server mis-handles very long file names
Reviewed-by: Garrett D'Amore <gdamore@damore.org>
Reviewed by: Andy Stormont <astormont@racktopsystems.com>
Reviewed-by: Jerry Jelinek <gjelinek@racktopsystems.com>
Reviewed-by: Vitaliy Gusev <gusev.vitaliy@gmail.com>
Reviewed by: Matt Barden <mbarden@tintri.com>
Approved by: Dan McDonald <danmcd@mnx.io>
| -rw-r--r-- | usr/src/uts/common/fs/smbsrv/smb_errno.c | 3 | ||||
| -rw-r--r-- | usr/src/uts/common/fs/smbsrv/smb_pathname.c | 14 |
2 files changed, 15 insertions, 2 deletions
diff --git a/usr/src/uts/common/fs/smbsrv/smb_errno.c b/usr/src/uts/common/fs/smbsrv/smb_errno.c index fe0ea8c7c6..e5623b2258 100644 --- a/usr/src/uts/common/fs/smbsrv/smb_errno.c +++ b/usr/src/uts/common/fs/smbsrv/smb_errno.c @@ -22,6 +22,7 @@ /* * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. * Copyright 2017 Nexenta Systems, Inc. All rights reserved. + * Copyright 2021 RackTop Systems, Inc. */ /* @@ -81,7 +82,7 @@ smb_errno2status_map[] = { { ENOTSUP, NT_STATUS_NOT_SUPPORTED }, { EDQUOT, NT_STATUS_DISK_FULL }, { EREMOTE, NT_STATUS_PATH_NOT_COVERED}, - { ENAMETOOLONG, NT_STATUS_OBJECT_NAME_INVALID }, + { ENAMETOOLONG, NT_STATUS_NAME_TOO_LONG }, { EILSEQ, NT_STATUS_OBJECT_NAME_INVALID }, { ENOTEMPTY, NT_STATUS_DIRECTORY_NOT_EMPTY }, { ENOTSOCK, NT_STATUS_INVALID_HANDLE }, diff --git a/usr/src/uts/common/fs/smbsrv/smb_pathname.c b/usr/src/uts/common/fs/smbsrv/smb_pathname.c index b1c096cde5..3dd99c9a61 100644 --- a/usr/src/uts/common/fs/smbsrv/smb_pathname.c +++ b/usr/src/uts/common/fs/smbsrv/smb_pathname.c @@ -21,6 +21,7 @@ /* * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. * Copyright 2019 Nexenta by DDN, Inc. All rights reserved. + * Copyright 2021 RackTop Systems, Inc. */ #include <smbsrv/smb_kproto.h> @@ -151,7 +152,8 @@ smb_pathname_reduce( char *last_component) { smb_node_t *root_node; - pathname_t ppn, mnt_pn; + pathname_t ppn = {0}; + pathname_t mnt_pn = {0}; char *usepath; int lookup_flags = FOLLOW; int trailing_slash = 0; @@ -283,6 +285,10 @@ smb_pathname_reduce( (void) strlcpy(last_component, ".", MAXNAMELEN); } else { (void) pn_setlast(&ppn); + if (ppn.pn_pathlen >= MAXNAMELEN) { + err = ENAMETOOLONG; + goto end_not_vss; + } (void) strlcpy(last_component, ppn.pn_path, MAXNAMELEN); ppn.pn_path[0] = '\0'; } @@ -297,6 +303,7 @@ smb_pathname_reduce( chk_vss ? &mnt_pn : NULL); } +end_not_vss: (void) pn_free(&ppn); kmem_free(usepath, SMB_MAXPATHLEN); @@ -327,6 +334,10 @@ smb_pathname_reduce( (void) strlcpy(last_component, ".", MAXNAMELEN); } else { (void) pn_setlast(&mnt_pn); + if (ppn.pn_pathlen >= MAXNAMELEN) { + err = ENAMETOOLONG; + goto end_chk_vss; + } (void) strlcpy(last_component, mnt_pn.pn_path, MAXNAMELEN); mnt_pn.pn_path[0] = '\0'; @@ -344,6 +355,7 @@ smb_pathname_reduce( } } +end_chk_vss: if (chk_vss) (void) pn_free(&mnt_pn); if (gmttoken != NULL) |