--- /dev/null
+From nobody Mon Sep 17 00:00:00 2001
+From: Steve French <sfrench@us.ibm.com>
+Date: Fri Apr 21 18:18:37 2006 +0000
+Subject: [PATCH] [CIFS] Don't allow a backslash in a path component (CVE-2006-1863)
+
+Unless Posix paths have been negotiated, the backslash, "\", is not a valid
+character in a path component.
+
+Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com>
+Signed-off-by: Steve French <sfrench@us.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+
+ fs/cifs/dir.c | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+--- linux-2.6.16.10.orig/fs/cifs/dir.c
++++ linux-2.6.16.10/fs/cifs/dir.c
+@@ -441,6 +441,20 @@ cifs_lookup(struct inode *parent_dir_ino
+ cifs_sb = CIFS_SB(parent_dir_inode->i_sb);
+ pTcon = cifs_sb->tcon;
+
++ /*
++ * Don't allow the separator character in a path component.
++ * The VFS will not allow "/", but "\" is allowed by posix.
++ */
++ if (!(cifs_sb->mnt_cifs_flags & CIFS_MOUNT_POSIX_PATHS)) {
++ int i;
++ for (i = 0; i < direntry->d_name.len; i++)
++ if (direntry->d_name.name[i] == '\\') {
++ cFYI(1, ("Invalid file name"));
++ FreeXid(xid);
++ return ERR_PTR(-EINVAL);
++ }
++ }
++
+ /* can not grab the rename sem here since it would
+ deadlock in the cases (beginning of sys_rename itself)
+ in which we already have the sb rename sem */
projects / thirdparty / kernel / stable-queue.git / commitdiff
