|
 |
d1681e |
From 11ae607a1c958f166e689bacf00acbae989c4d8e Mon Sep 17 00:00:00 2001
|
|
|
d1681e |
From: Amar Tumballi <amarts@redhat.com>
|
|
|
d1681e |
Date: Thu, 9 Aug 2018 13:00:01 +0530
|
|
|
d1681e |
Subject: [PATCH 349/351] posix: don't allow '../' path in 'name'
|
|
|
d1681e |
|
|
|
d1681e |
This will prevent any arbitrary file creation through glusterfs
|
|
|
d1681e |
by modifying the client bits.
|
|
|
d1681e |
|
|
|
d1681e |
BUG: 1613686
|
|
|
d1681e |
BUG: 1613685
|
|
|
d1681e |
BUG: 1613684
|
|
|
d1681e |
|
|
|
d1681e |
Change-Id: I6def64956d9e5541e7f70a8910a4d6ce4bde61e9
|
|
|
d1681e |
Signed-off-by: Amar Tumballi <amarts@redhat.com>
|
|
|
d1681e |
Reviewed-on: https://code.engineering.redhat.com/gerrit/146548
|
|
|
d1681e |
Reviewed-by: Pranith Kumar Karampuri <pkarampu@redhat.com>
|
|
|
d1681e |
Reviewed-by: Nithya Balachandran <nbalacha@redhat.com>
|
|
|
d1681e |
Reviewed-by: Atin Mukherjee <amukherj@redhat.com>
|
|
|
d1681e |
---
|
|
|
d1681e |
xlators/protocol/server/src/server-resolve.c | 12 ++++++++++++
|
|
|
d1681e |
xlators/storage/posix/src/posix-handle.h | 5 +++++
|
|
|
d1681e |
2 files changed, 17 insertions(+)
|
|
|
d1681e |
|
|
|
d1681e |
diff --git a/xlators/protocol/server/src/server-resolve.c b/xlators/protocol/server/src/server-resolve.c
|
|
|
d1681e |
index 6ffb909..b3eda0e 100644
|
|
|
d1681e |
--- a/xlators/protocol/server/src/server-resolve.c
|
|
|
d1681e |
+++ b/xlators/protocol/server/src/server-resolve.c
|
|
|
d1681e |
@@ -311,6 +311,18 @@ resolve_entry_simple (call_frame_t *frame)
|
|
|
d1681e |
/* expected @parent was found from the inode cache */
|
|
|
d1681e |
gf_uuid_copy (state->loc_now->pargfid, resolve->pargfid);
|
|
|
d1681e |
state->loc_now->parent = inode_ref (parent);
|
|
|
d1681e |
+
|
|
|
d1681e |
+ if (strstr (resolve->bname, "../")) {
|
|
|
d1681e |
+ /* Resolving outside the parent's tree is not allowed */
|
|
|
d1681e |
+ gf_msg (this->name, GF_LOG_ERROR, EPERM,
|
|
|
d1681e |
+ PS_MSG_GFID_RESOLVE_FAILED,
|
|
|
d1681e |
+ "%s: path sent by client not allowed",
|
|
|
d1681e |
+ resolve->bname);
|
|
|
d1681e |
+ resolve->op_ret = -1;
|
|
|
d1681e |
+ resolve->op_errno = EPERM;
|
|
|
d1681e |
+ ret = 1;
|
|
|
d1681e |
+ goto out;
|
|
|
d1681e |
+ }
|
|
|
d1681e |
state->loc_now->name = resolve->bname;
|
|
|
d1681e |
|
|
|
d1681e |
inode = inode_grep (state->itable, parent, resolve->bname);
|
|
|
d1681e |
diff --git a/xlators/storage/posix/src/posix-handle.h b/xlators/storage/posix/src/posix-handle.h
|
|
|
d1681e |
index cb1f84e..a0f82ec 100644
|
|
|
d1681e |
--- a/xlators/storage/posix/src/posix-handle.h
|
|
|
d1681e |
+++ b/xlators/storage/posix/src/posix-handle.h
|
|
|
d1681e |
@@ -223,6 +223,11 @@
|
|
|
d1681e |
break; \
|
|
|
d1681e |
} \
|
|
|
d1681e |
\
|
|
|
d1681e |
+ if (strstr (loc->name, "../")) { \
|
|
|
d1681e |
+ gf_msg (this->name, GF_LOG_ERROR, 0, P_MSG_ENTRY_HANDLE_CREATE, \
|
|
|
d1681e |
+ "'../' in name not allowed: (%s)", loc->name); \
|
|
|
d1681e |
+ break; \
|
|
|
d1681e |
+ } \
|
|
|
d1681e |
if (LOC_HAS_ABSPATH (loc)) { \
|
|
|
d1681e |
MAKE_REAL_PATH (entp, this, loc->path); \
|
|
|
d1681e |
__parp = strdupa (entp); \
|
|
|
d1681e |
--
|
|
|
d1681e |
1.8.3.1
|
|
|
d1681e |
|