Marcelo,
This patch also applies to 2.4, did you receive it on your side or do you
want me to queue it in -upstream ?
Regards,
Willy
On Thu, May 04, 2006 at 06:40:41PM -0700, Chris Wright wrote:
> From: Olaf Kirch <[email protected]>
>
> Mark Moseley reported that a chroot environment on a SMB share can be
> left via "cd ..\\". Similar to CVE-2006-1863 issue with cifs, this fix
> is for smbfs.
>
> Steven French <[email protected]> wrote:
>
> Looks fine to me. This should catch the slash on lookup or equivalent,
> which will be all obvious paths of interest.
>
> Signed-off-by: Chris Wright <[email protected]>
> ---
> This fix is in -stable, but doesn't appear to be in your tree yet.
>
> fs/smbfs/dir.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> --- linus-2.6.orig/fs/smbfs/dir.c
> +++ linus-2.6/fs/smbfs/dir.c
> @@ -434,6 +434,11 @@ smb_lookup(struct inode *dir, struct den
> if (dentry->d_name.len > SMB_MAXNAMELEN)
> goto out;
>
> + /* Do not allow lookup of names with backslashes in */
> + error = -EINVAL;
> + if (memchr(dentry->d_name.name, '\\', dentry->d_name.len))
> + goto out;
> +
> lock_kernel();
> error = smb_proc_getattr(dentry, &finfo);
> #ifdef SMBFS_PARANOIA
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
