s3: smbd: Fix the error processing in filename_convert_dirfsp_nosymlink() to match...

We need this in order to pass:

samba3.raw.samba3badpath
raw.chkpath
samba3.base.chkpath

Now we can convert all the SMB1 reply_openXXX functions,
and reply_checkpath().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c
index 5f90f378482ba04313698a81bb9adc1486265a11..3f0c395fd8ffa360f13d80f790a194e4d092cab2 100644 (file)
--- a/source3/smbd/filename.c
+++ b/source3/smbd/filename.c
@@ -2749,6 +2749,19 @@ static NTSTATUS filename_convert_dirfsp_nosymlink(
                return NT_STATUS_OK;
        }
 
+       /*
+        * Catch an invalid path of "." before we
+        * call filename_split_lcomp(). We need to
+        * do this as filename_split_lcomp() will
+        * use "." for the missing relative component
+        * when an empty name_in path is sent by
+        * the client.
+        */
+       if (ISDOT(name_in)) {
+               status = NT_STATUS_OBJECT_NAME_INVALID;
+               goto fail;
+       }
+
        ok = filename_split_lcomp(
                talloc_tos(),
                name_in,
@@ -2761,11 +2774,6 @@ static NTSTATUS filename_convert_dirfsp_nosymlink(
                goto fail;
        }
 
-       if (fname_rel[0] == '\0') {
-               status = NT_STATUS_OBJECT_NAME_INVALID;
-               goto fail;
-       }
-
        if (!posix) {
                bool name_has_wild = ms_has_wild(dirname);
                name_has_wild |= ms_has_wild(fname_rel);
@@ -2828,13 +2836,39 @@ static NTSTATUS filename_convert_dirfsp_nosymlink(
 
                goto fail;
        }
-       TALLOC_FREE(dirname);
 
        if (!VALID_STAT_OF_DIR(smb_dirname->st)) {
                status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
                goto fail;
        }
 
+       /*
+        * Only look at bad last component values
+        * once we know we have a valid directory. That
+        * way we won't confuse error messages from
+        * opening the directory path with error
+        * messages from a bad last component.
+        */
+
+       /* Relative filename can't be empty */
+       if (fname_rel[0] == '\0') {
+               status = NT_STATUS_OBJECT_NAME_INVALID;
+               goto fail;
+       }
+
+       /* Relative filename can't be ".." */
+       if (ISDOTDOT(fname_rel)) {
+               status = NT_STATUS_OBJECT_NAME_INVALID;
+               goto fail;
+       }
+       /* Relative name can only be dot if directory is empty. */
+       if (ISDOT(fname_rel) && dirname[0] != '\0') {
+               status = NT_STATUS_OBJECT_NAME_INVALID;
+               goto fail;
+       }
+
+       TALLOC_FREE(dirname);
+
        smb_fname_rel = synthetic_smb_fname(
                mem_ctx,
                fname_rel,
@@ -2999,6 +3033,7 @@ done:
        return NT_STATUS_OK;
 
 fail:
+       TALLOC_FREE(dirname);
        TALLOC_FREE(smb_dirname);
        TALLOC_FREE(smb_fname_rel);
        return status;