From: Jeremy Allison <jra@samba.org>
Date: Mon, 5 Oct 2020 18:27:30 +0000 (-0700)
Subject: s3: smbd: SMB1 reply_copy. Check untouched last component for wildcards in src and... 
X-Git-Tag: talloc-2.3.2~294
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e4fd7bc70641d94fa7fc1178b06a717b4ea75d14;p=thirdparty%2Fsamba.git

s3: smbd: SMB1 reply_copy. Check untouched last component for wildcards in src and dst.

Not doing a test for this as wildcard SMB1copy() is evil and
should be removed. It's the same fix I'm doing for unlink
and rename, so this shouldn't be an issue.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
---

diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 4fd60c1a9d1..c2070012f1f 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -8695,6 +8695,8 @@ void reply_copy(struct smb_request *req)
 	}
 
 	if (!req->posix_pathnames) {
+		char *orig_src_lcomp = NULL;
+		char *orig_dst_lcomp = NULL;
 		/*
 		 * Check the wildcard mask *before*
 		 * unmangling. As mangling is done
@@ -8702,8 +8704,26 @@ void reply_copy(struct smb_request *req)
 		 * to Windows the unmangled name may
 		 * contain Windows wildcard characters.
 		 */
-		source_has_wild = ms_has_wild(fname_src_mask);
-		dest_has_wild = ms_has_wild(smb_fname_dst->base_name);
+		orig_src_lcomp = get_original_lcomp(ctx,
+					conn,
+					fname_src,
+					ucf_flags_src);
+		if (orig_src_lcomp == NULL) {
+			reply_nterror(req, NT_STATUS_NO_MEMORY);
+			goto out;
+		}
+		orig_dst_lcomp = get_original_lcomp(ctx,
+					conn,
+					fname_dst,
+					ucf_flags_dst);
+		if (orig_dst_lcomp == NULL) {
+			reply_nterror(req, NT_STATUS_NO_MEMORY);
+			goto out;
+		}
+		source_has_wild = ms_has_wild(orig_src_lcomp);
+		dest_has_wild = ms_has_wild(orig_dst_lcomp);
+		TALLOC_FREE(orig_src_lcomp);
+		TALLOC_FREE(orig_dst_lcomp);
 	}
 
 	/*