From e4fd7bc70641d94fa7fc1178b06a717b4ea75d14 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 5 Oct 2020 11:27:30 -0700 Subject: [PATCH] s3: smbd: SMB1 reply_copy. Check untouched last component for wildcards in src and dst. Not doing a test for this as wildcard SMB1copy() is evil and should be removed. It's the same fix I'm doing for unlink and rename, so this shouldn't be an issue. Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme --- source3/smbd/reply.c | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 4fd60c1a9d1..c2070012f1f 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -8695,6 +8695,8 @@ void reply_copy(struct smb_request *req) } if (!req->posix_pathnames) { + char *orig_src_lcomp = NULL; + char *orig_dst_lcomp = NULL; /* * Check the wildcard mask *before* * unmangling. As mangling is done @@ -8702,8 +8704,26 @@ void reply_copy(struct smb_request *req) * to Windows the unmangled name may * contain Windows wildcard characters. */ - source_has_wild = ms_has_wild(fname_src_mask); - dest_has_wild = ms_has_wild(smb_fname_dst->base_name); + orig_src_lcomp = get_original_lcomp(ctx, + conn, + fname_src, + ucf_flags_src); + if (orig_src_lcomp == NULL) { + reply_nterror(req, NT_STATUS_NO_MEMORY); + goto out; + } + orig_dst_lcomp = get_original_lcomp(ctx, + conn, + fname_dst, + ucf_flags_dst); + if (orig_dst_lcomp == NULL) { + reply_nterror(req, NT_STATUS_NO_MEMORY); + goto out; + } + source_has_wild = ms_has_wild(orig_src_lcomp); + dest_has_wild = ms_has_wild(orig_dst_lcomp); + TALLOC_FREE(orig_src_lcomp); + TALLOC_FREE(orig_dst_lcomp); } /* -- 2.47.3