From 0f23bf228ceb38b024a77fcf2916971ad4f6aa4d Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 4 May 2015 19:56:39 -0700 Subject: [PATCH] s3: smbd: VFS: fake_acl module called get_full_smb_filename() with a stream path, then used the result to call XATTR functions directly. Ensure when pulling XATTR values, we don't allow a stream filename. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11249 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme --- source3/modules/vfs_fake_acls.c | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/source3/modules/vfs_fake_acls.c b/source3/modules/vfs_fake_acls.c index f3c2ebbdba3..3887e86746e 100644 --- a/source3/modules/vfs_fake_acls.c +++ b/source3/modules/vfs_fake_acls.c @@ -115,8 +115,16 @@ static int fake_acls_stat(vfs_handle_struct *handle, if (ret == 0) { TALLOC_CTX *frame = talloc_stackframe(); char *path; + struct smb_filename smb_fname_base = { + .base_name = smb_fname->base_name + }; NTSTATUS status; - status = get_full_smb_filename(frame, smb_fname, &path); + /* + * As we're calling getxattr directly here + * we need to use only the base_name, not + * the full name containing any stream name. + */ + status = get_full_smb_filename(frame, &smb_fname_base, &path); if (!NT_STATUS_IS_OK(status)) { errno = map_errno_from_nt_status(status); TALLOC_FREE(frame); @@ -148,8 +156,16 @@ static int fake_acls_lstat(vfs_handle_struct *handle, if (ret == 0) { TALLOC_CTX *frame = talloc_stackframe(); char *path; + struct smb_filename smb_fname_base = { + .base_name = smb_fname->base_name + }; NTSTATUS status; - status = get_full_smb_filename(frame, smb_fname, &path); + /* + * As we're calling getxattr directly here + * we need to use only the base_name, not + * the full name containing any stream name. + */ + status = get_full_smb_filename(frame, &smb_fname_base, &path); if (!NT_STATUS_IS_OK(status)) { errno = map_errno_from_nt_status(status); TALLOC_FREE(frame); -- 2.11.4.GIT