server-protocol: don't allow '../' path in 'name'

amarts · thotz · commit 2af8e50a5508 · 2018-09-06T15:00:58.000Z
This will prevent any arbitrary file creation through glusterfs
by modifying the client bits.

Also check for the similar flaw inside posix too, so we prevent any
changes in layers in-between.

Fixes: bz#1625095

Signed-off-by: Amar Tumballi &lt;amarts@redhat.com&gt;
Change-Id: Id9fe0ef6e86459e8ed85ab947d977f058c5ae06e
diff --git a/xlators/protocol/server/src/server-resolve.c b/xlators/protocol/server/src/server-resolve.c
@@ -311,6 +311,18 @@ resolve_entry_simple (call_frame_t *frame)
         /* expected @parent was found from the inode cache */
         gf_uuid_copy (state->loc_now->pargfid, resolve->pargfid);
         state->loc_now->parent = inode_ref (parent);
+
+        if (strstr (resolve->bname, "../")) {
+                /* Resolving outside the parent's tree is not allowed */
+                gf_msg (this->name, GF_LOG_ERROR, EPERM,
+                        PS_MSG_GFID_RESOLVE_FAILED,
+                        "%s: path sent by client not allowed",
+                        resolve->bname);
+                resolve->op_ret   = -1;
+                resolve->op_errno = EPERM;
+                ret = 1;
+                goto out;
+        }
         state->loc_now->name = resolve->bname;
 
         inode = inode_grep (state->itable, parent, resolve->bname);
diff --git a/xlators/storage/posix/src/posix-handle.h b/xlators/storage/posix/src/posix-handle.h
@@ -142,6 +142,12 @@
                 break;                                                  \
         }                                                               \
                                                                         \
+        if (strstr (loc->name, "../")) {                                \
+                gf_msg (this->name, GF_LOG_ERROR, 0, P_MSG_ENTRY_HANDLE_CREATE, \
+                        "'../' in name not allowed: (%s)", loc->name); \
+                op_ret = -1;                                            \
+                break;                                                  \
+        }                                                               \
         if (LOC_HAS_ABSPATH (loc)) {                                    \
                 MAKE_REAL_PATH (entp, this, loc->path);                 \
                 __parp = strdupa (entp);                                \
