[PATCH] smbfs chroot issue (CVE-2006-1864)
Mark Moseley reported that a chroot environment on a SMB share can be left via "cd ..\\". Similar to CVE-2006-1863 issue with cifs, this fix is for smbfs. Steven French <sfrench@us.ibm.com> wrote: Looks fine to me. This should catch the slash on lookup or equivalent, which will be all obvious paths of interest. Signed-off-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This commit is contained in:
Olaf Kirch
Linus Torvalds
parent
a7b862f663
commit
3b7c810827
1 changed files with 5 additions and 0 deletions
|
|
@ -434,6 +434,11 @@ smb_lookup(struct inode *dir, struct dentry *dentry, struct nameidata *nd)
|
|||
if (dentry->d_name.len > SMB_MAXNAMELEN)
|
||||
goto out;
|
||||
|
||||
/* Do not allow lookup of names with backslashes in */
|
||||
error = -EINVAL;
|
||||
if (memchr(dentry->d_name.name, '\\', dentry->d_name.len))
|
||||
goto out;
|
||||
|
||||
lock_kernel();
|
||||
error = smb_proc_getattr(dentry, &finfo);
|
||||
#ifdef SMBFS_PARANOIA
|
||||
|
|
|
|||
Loading…
Reference in a new issue