Fix Path Traversal vulnerabilities by checking path prefix against in… #1066
Thanks @omriinbar for providing a PR on this issue! The code changes are quite large due to the indentation and other PEP8-related changes, which make it a little bit harder than it should be to evaluate. While we review the potential impact of the changes and work on adding some tests to check those, I've a question related to the introduced behavior that I added as in-line comments. I'm doubting on whether we shouldn't return
…T_PATH_SYNTAX_BAD
Changed STATUS_ACCESS_DENIED and STATUS_NOT_SUPPORTED to STATUS_OBJECT_PATH_SYNTAX_BAD
Adding some pseudo-functional tests for the SimpleSMBServer. This spins up a SimpleSMBServer instance and connects to it using our own SMBConnection. Includes checks for #1066.
Thanks for the changes. I don't think it is fully clear from the documentation (e.g. in MS-CIFS) but at least this is the way that Samba is replying (and I think based on this old thread). Windows (e.g. Win 2019) returns an Coverage was added in #1067.
Adding some pseudo-functional tests for the `SimpleSMBServer`. This spins up a `SimpleSMBServer` instance and connects to it using our own `SMBConnection`. Includes checks for #1066.

This PR:
- Adds basic unit tests for the path validation function introduced in #1066.
- Adds pseudo-functional tests for `SimpleSMBServer`, checking login, list, get and put calls.
impacket now performs sanity checks if the requested and to be served file path actually is inside the real share path. Ref: fortra/impacket#1066 Fixes curl#7924
impacket now performs sanity checks if the requested and to be served file path actually is inside the real share path. Ref: fortra/impacket#1066 Fixes #7924 Closes #7935
Sorry about the large code diff because of the indentations.
Added def isInFileJail in line 551 and called it in smbComNtCreateAndX, findFirst2 and smb2Create functions.
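
A containment check of the kind this thread describes, written here as an added example; it is not impacket's `isInFileJail` or any code from the PR. The names `resolve_in_share`, `naive_prefix_ok`, `status_for` and the directory layout are hypothetical, and the requests are constructed samples. It resolves the requested name against the share root and compares whole path components, with a character-prefix test alongside only to show which cases that weaker comparison misses.

```python
import os
import tempfile

STATUS_SUCCESS = 0x00000000
STATUS_OBJECT_PATH_SYNTAX_BAD = 0xC000003B  # status the thread settled on


def _candidate(share_root, requested):
    # SMB names use backslashes and often start with a separator.
    relative = requested.replace("\\", "/").lstrip("/")
    root = os.path.realpath(share_root)
    # realpath collapses ".." and follows symlinks before the comparison.
    return root, os.path.realpath(os.path.join(root, relative))


def resolve_in_share(share_root, requested):
    """Return the resolved path if it stays inside share_root, else None."""
    root, candidate = _candidate(share_root, requested)
    try:
        # Compares whole path components, not characters.
        inside = os.path.commonpath([root, candidate]) == root
    except ValueError:  # e.g. paths on different drives on Windows
        inside = False
    return candidate if inside else None


def naive_prefix_ok(share_root, requested):
    """Contrast only: a character-prefix test, fooled by sibling names."""
    root, candidate = _candidate(share_root, requested)
    return candidate.startswith(root)


def status_for(share_root, requested):
    if resolve_in_share(share_root, requested) is None:
        return STATUS_OBJECT_PATH_SYNTAX_BAD
    return STATUS_SUCCESS


def demo():
    """Build a constructed share layout and classify constructed requests."""
    with tempfile.TemporaryDirectory() as base:
        share = os.path.join(base, "share")
        os.makedirs(os.path.join(share, "docs"))
        os.makedirs(os.path.join(base, "share-private"))
        os.symlink(os.path.join(base, "share-private"), os.path.join(share, "link"))
        requests = ["\\docs\\readme.txt", "docs\\..\\docs", "..\\share-private\\key",
                    "link\\key", "..\\..\\outside.txt"]
        return {r: (status_for(share, r), naive_prefix_ok(share, r)) for r in requests}
```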