Permalink
Browse files

server-protocol: don't allow '../' path in 'name'

This will prevent any arbitrary file creation through glusterfs
by modifying the client bits.

Also check for the similar flaw inside posix too, so we prevent any
changes in layers in-between.

Fixes: bz#1625095

Signed-off-by: Amar Tumballi <amarts@redhat.com>
Change-Id: Id9fe0ef6e86459e8ed85ab947d977f058c5ae06e
  • Loading branch information...
amarts authored and thotz committed Aug 9, 2018
1 parent 46fce2e commit 2af8e50a55085df7ede57184558029afc46fb8f9
Showing with 18 additions and 0 deletions.
  1. +12 −0 xlators/protocol/server/src/server-resolve.c
  2. +6 −0 xlators/storage/posix/src/posix-handle.h
@@ -311,6 +311,18 @@ resolve_entry_simple (call_frame_t *frame)
/* expected @parent was found from the inode cache */
gf_uuid_copy (state->loc_now->pargfid, resolve->pargfid);
state->loc_now->parent = inode_ref (parent);
if (strstr (resolve->bname, "../")) {
/* Resolving outside the parent's tree is not allowed */
gf_msg (this->name, GF_LOG_ERROR, EPERM,
PS_MSG_GFID_RESOLVE_FAILED,
"%s: path sent by client not allowed",
resolve->bname);
resolve->op_ret = -1;
resolve->op_errno = EPERM;
ret = 1;
goto out;
}
state->loc_now->name = resolve->bname;
inode = inode_grep (state->itable, parent, resolve->bname);
@@ -142,6 +142,12 @@
break; \
} \
\
if (strstr (loc->name, "../")) { \
gf_msg (this->name, GF_LOG_ERROR, 0, P_MSG_ENTRY_HANDLE_CREATE, \
"'../' in name not allowed: (%s)", loc->name); \
op_ret = -1; \
break; \
} \
if (LOC_HAS_ABSPATH (loc)) { \
MAKE_REAL_PATH (entp, this, loc->path); \
__parp = strdupa (entp); \

0 comments on commit 2af8e50

Please sign in to comment.