Skip to content

/ glusterfs

Permalink
Browse files

server-protocol: don't allow '../' path in 'name' 

This will prevent any arbitrary file creation through glusterfs
by modifying the client bits.

Also check for the similar flaw inside posix too, so we prevent any
changes in layers in-between.

Fixes: bz#1625095

Signed-off-by: Amar Tumballi <amarts@redhat.com>
Change-Id: Id9fe0ef6e86459e8ed85ab947d977f058c5ae06e
  • Loading branch information
@amarts @thotz
amarts authored and thotz committed Sep 6, 2018
1 parent 46fce2e commit 2af8e50a55085df7ede57184558029afc46fb8f9
Unified Split
Showing with 18 additions and 0 deletions.
  1. +12 −0 xlators/protocol/server/src/server-resolve.c
  2. +6 −0 xlators/storage/posix/src/posix-handle.h
12 xlators/protocol/server/src/server-resolve.c
View file
@@ -311,6 +311,18 @@ resolve_entry_simple (call_frame_t *frame)
/* expected @parent was found from the inode cache */
gf_uuid_copy (state->loc_now->pargfid, resolve->pargfid);
state->loc_now->parent = inode_ref (parent);

if (strstr (resolve->bname, "../")) {
/* Resolving outside the parent's tree is not allowed */
gf_msg (this->name, GF_LOG_ERROR, EPERM,
PS_MSG_GFID_RESOLVE_FAILED,
"%s: path sent by client not allowed",
resolve->bname);
resolve->op_ret = -1;
resolve->op_errno = EPERM;
ret = 1;
goto out;
}
state->loc_now->name = resolve->bname;

inode = inode_grep (state->itable, parent, resolve->bname);
6 xlators/storage/posix/src/posix-handle.h
View file
@@ -142,6 +142,12 @@
break; \
} \
\
if (strstr (loc->name, "../")) { \
gf_msg (this->name, GF_LOG_ERROR, 0, P_MSG_ENTRY_HANDLE_CREATE, \
"'../' in name not allowed: (%s)", loc->name); \
op_ret = -1; \
break; \
} \
if (LOC_HAS_ABSPATH (loc)) { \
MAKE_REAL_PATH (entp, this, loc->path); \
__parp = strdupa (entp); \

0 comments on commit 2af8e50

Please sign in to comment.