Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
server-protocol: don't allow '../' path in 'name'
This will prevent any arbitrary file creation through glusterfs
by modifying the client bits.

Also check for the similar flaw inside posix too, so we prevent any
changes in layers in-between.

Fixes: bz#1625095

Signed-off-by: Amar Tumballi <amarts@redhat.com>
Change-Id: Id9fe0ef6e86459e8ed85ab947d977f058c5ae06e
  • Loading branch information
amarts authored and thotz committed Sep 6, 2018
1 parent 46fce2e commit 2af8e50
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 0 deletions.
12 changes: 12 additions & 0 deletions xlators/protocol/server/src/server-resolve.c
Expand Up @@ -311,6 +311,18 @@ resolve_entry_simple (call_frame_t *frame)
/* expected @parent was found from the inode cache */
gf_uuid_copy (state->loc_now->pargfid, resolve->pargfid);
state->loc_now->parent = inode_ref (parent);

if (strstr (resolve->bname, "../")) {
/* Resolving outside the parent's tree is not allowed */
gf_msg (this->name, GF_LOG_ERROR, EPERM,
PS_MSG_GFID_RESOLVE_FAILED,
"%s: path sent by client not allowed",
resolve->bname);
resolve->op_ret = -1;
resolve->op_errno = EPERM;
ret = 1;
goto out;
}
state->loc_now->name = resolve->bname;

inode = inode_grep (state->itable, parent, resolve->bname);
Expand Down
6 changes: 6 additions & 0 deletions xlators/storage/posix/src/posix-handle.h
Expand Up @@ -142,6 +142,12 @@
break; \
} \
\
if (strstr (loc->name, "../")) { \
gf_msg (this->name, GF_LOG_ERROR, 0, P_MSG_ENTRY_HANDLE_CREATE, \
"'../' in name not allowed: (%s)", loc->name); \
op_ret = -1; \
break; \
} \
if (LOC_HAS_ABSPATH (loc)) { \
MAKE_REAL_PATH (entp, this, loc->path); \
__parp = strdupa (entp); \
Expand Down

0 comments on commit 2af8e50

Please sign in to comment.