s3: smbd: SMB1 reply_copy. Check untouched last component for wildcards in src and...

Not doing a test for this as wildcard SMB1copy() is evil and
should be removed. It's the same fix I'm doing for unlink
and rename, so this shouldn't be an issue.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 4fd60c1a9d1ffe2352afc3333510c4dfd787532c..c2070012f1fa5050ffd5e1830c5a414c25569450 100644 (file)
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -8695,6 +8695,8 @@ void reply_copy(struct smb_request *req)
        }
 
        if (!req->posix_pathnames) {
+               char *orig_src_lcomp = NULL;
+               char *orig_dst_lcomp = NULL;
                /*
                 * Check the wildcard mask *before*
                 * unmangling. As mangling is done
@@ -8702,8 +8704,26 @@ void reply_copy(struct smb_request *req)
                 * to Windows the unmangled name may
                 * contain Windows wildcard characters.
                 */
-               source_has_wild = ms_has_wild(fname_src_mask);
-               dest_has_wild = ms_has_wild(smb_fname_dst->base_name);
+               orig_src_lcomp = get_original_lcomp(ctx,
+                                       conn,
+                                       fname_src,
+                                       ucf_flags_src);
+               if (orig_src_lcomp == NULL) {
+                       reply_nterror(req, NT_STATUS_NO_MEMORY);
+                       goto out;
+               }
+               orig_dst_lcomp = get_original_lcomp(ctx,
+                                       conn,
+                                       fname_dst,
+                                       ucf_flags_dst);
+               if (orig_dst_lcomp == NULL) {
+                       reply_nterror(req, NT_STATUS_NO_MEMORY);
+                       goto out;
+               }
+               source_has_wild = ms_has_wild(orig_src_lcomp);
+               dest_has_wild = ms_has_wild(orig_dst_lcomp);
+               TALLOC_FREE(orig_src_lcomp);
+               TALLOC_FREE(orig_dst_lcomp);
        }
 
        /*