From: Volker Lendecke <vl@samba.org>
Date: Tue, 24 Oct 2023 16:47:59 +0000 (+0200)
Subject: smbd: Return OBJECT_NAME_NOT_FOUND if lcomp points outside the share
X-Git-Tag: talloc-2.4.2~832
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=cee9586c6eeb8a332f4406d3a1fc47c11230f302;p=thirdparty%2Fsamba.git

smbd: Return OBJECT_NAME_NOT_FOUND if lcomp points outside the share

filename_convert_dirfsp() is the only caller of
safe_symlink_target_path(). Right now this is not called with
"unparsed==0" because the last component is handled in
openat_pathref_fsp() and thus non_widelink_open(). I have code that
will change this, so that we can simplify
openat_pathref_fsp_case_insensitive() to directly call OPENAT, not
going through non_widelink_open. This will cause
safe_symlink_target_path() also be called for the last component,
which means it needs logic to distinguish between PATH_ and
NAME_NOT_FOUND.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
---

diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c
index e3776b3fa63..5d3e199c362 100644
--- a/source3/smbd/filename.c
+++ b/source3/smbd/filename.c
@@ -903,7 +903,8 @@ static NTSTATUS safe_symlink_target_path(
 		connectpath, strlen(connectpath), abs_target_canon, &relative);
 	if (!in_share) {
 		DBG_DEBUG("wide link to %s\n", abs_target_canon);
-		status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
+		status = (unparsed != 0) ? NT_STATUS_OBJECT_PATH_NOT_FOUND
+					 : NT_STATUS_OBJECT_NAME_NOT_FOUND;
 		goto fail;
 	}