diff options
| author | Colin Percival <cperciva@FreeBSD.org> | 2006-05-31 22:32:22 +0000 |
|---|---|---|
| committer | Colin Percival <cperciva@FreeBSD.org> | 2006-05-31 22:32:22 +0000 |
| commit | 72f6a0fa7ae2649befc0ff21477e0f444d8c4e16 (patch) | |
| tree | d8f9a485f92570b3c3e7ce9d0fe939bbc7cbc5c8 /sys | |
| parent | 4ec07c5e933c1a5c22ba6fc028b9748171273689 (diff) | |
| download | src-72f6a0fa7ae2649befc0ff21477e0f444d8c4e16.tar.gz src-72f6a0fa7ae2649befc0ff21477e0f444d8c4e16.zip | |
Enable inadvertantly disabled "securenet" access controls in ypserv. [1]
Correct a bug in the handling of backslash characters in smbfs which can
allow an attacker to escape from a chroot(2). [2]
Security: FreeBSD-SA-06:15.ypserv [1]
Security: FreeBSD-SA-06:16.smbfs [2]
Notes
Notes:
svn path=/head/; revision=159117
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/fs/smbfs/smbfs_vnops.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/sys/fs/smbfs/smbfs_vnops.c b/sys/fs/smbfs/smbfs_vnops.c index d741c060e229..ebdb309fc710 100644 --- a/sys/fs/smbfs/smbfs_vnops.c +++ b/sys/fs/smbfs/smbfs_vnops.c @@ -1018,11 +1018,18 @@ smbfs_advlock(ap) static int smbfs_pathcheck(struct smbmount *smp, const char *name, int nmlen, int nameiop) { - static const char *badchars = "*/\\:<>;?"; + static const char *badchars = "*/:<>;?"; static const char *badchars83 = " +|,[]="; const char *cp; int i, error; + /* + * Backslash characters, being a path delimiter, are prohibited + * within a path component even for LOOKUP operations. + */ + if (index(name, '\\') != NULL) + return ENOENT; + if (nameiop == LOOKUP) return 0; error = ENOENT; |