From: Jeremy Allison Date: Tue, 5 May 2015 02:56:39 +0000 (-0700) Subject: s3: smbd: VFS: fake_acl module called get_full_smb_filename() with a stream path... X-Git-Tag: samba-4.1.19~16 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0372b33553d76b79ad3d1b139f4e60e517bec276;p=thirdparty%2Fsamba.git s3: smbd: VFS: fake_acl module called get_full_smb_filename() with a stream path, then used the result to call XATTR functions directly. Ensure when pulling XATTR values, we don't allow a stream filename. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11249 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme (cherry picked from commit 0f23bf228ceb38b024a77fcf2916971ad4f6aa4d) --- diff --git a/source3/modules/vfs_fake_acls.c b/source3/modules/vfs_fake_acls.c index f3c2ebbdba3..3887e86746e 100644 --- a/source3/modules/vfs_fake_acls.c +++ b/source3/modules/vfs_fake_acls.c @@ -115,8 +115,16 @@ static int fake_acls_stat(vfs_handle_struct *handle, if (ret == 0) { TALLOC_CTX *frame = talloc_stackframe(); char *path; + struct smb_filename smb_fname_base = { + .base_name = smb_fname->base_name + }; NTSTATUS status; - status = get_full_smb_filename(frame, smb_fname, &path); + /* + * As we're calling getxattr directly here + * we need to use only the base_name, not + * the full name containing any stream name. + */ + status = get_full_smb_filename(frame, &smb_fname_base, &path); if (!NT_STATUS_IS_OK(status)) { errno = map_errno_from_nt_status(status); TALLOC_FREE(frame); @@ -148,8 +156,16 @@ static int fake_acls_lstat(vfs_handle_struct *handle, if (ret == 0) { TALLOC_CTX *frame = talloc_stackframe(); char *path; + struct smb_filename smb_fname_base = { + .base_name = smb_fname->base_name + }; NTSTATUS status; - status = get_full_smb_filename(frame, smb_fname, &path); + /* + * As we're calling getxattr directly here + * we need to use only the base_name, not + * the full name containing any stream name. + */ + status = get_full_smb_filename(frame, &smb_fname_base, &path); if (!NT_STATUS_IS_OK(status)) { errno = map_errno_from_nt_status(status); TALLOC_FREE(frame);