From 3c40f57481dd8e1330421f2c4c0bd04dd74e2fb6 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 3 Jan 2023 18:28:54 -0800 Subject: [PATCH] s3: smbd: Strip any leading '\\' characters if the SMB2 DFS flag is set. MacOS clients send SMB2 DFS pathnames as \server\share\file\name. Ensure smbd can cope with this by stipping any leading '\\' characters from an SMB2 packet with the DFS flag set. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15277 NB. The test for this is not back-ported to 4.17 as there are too many changes in the test infrastructure and supporting client libraries between 4.17 and master. Back-ported from c9a6e242d15ee707a2e30f973fd37e80b3225aca. Signed-off-by: Jeremy Allison Reviewed-by: Volker Lendecke --- source3/smbd/smb2_create.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/source3/smbd/smb2_create.c b/source3/smbd/smb2_create.c index 75b9c7d28ff..cee67eab2d1 100644 --- a/source3/smbd/smb2_create.c +++ b/source3/smbd/smb2_create.c @@ -771,6 +771,17 @@ static struct tevent_req *smbd_smb2_create_send(TALLOC_CTX *mem_ctx, in_file_attributes &= ~FILE_FLAG_POSIX_SEMANTICS; + is_dfs = (smb1req->flags2 & FLAGS2_DFS_PATHNAMES); + if (is_dfs) { + /* + * With a DFS flag set, remove any leading '\\' + * characters from in_name before further processing. + */ + while (in_name[0] == '\\') { + in_name++; + } + } + state->fname = talloc_strdup(state, in_name); if (tevent_req_nomem(state->fname, req)) { return tevent_req_post(req, state->ev); @@ -961,8 +972,6 @@ static struct tevent_req *smbd_smb2_create_send(TALLOC_CTX *mem_ctx, state->lease_ptr = NULL; } - is_dfs = (smb1req->flags2 & FLAGS2_DFS_PATHNAMES); - /* convert '\\' into '/' */ status = check_path_syntax_smb2(state->fname, is_dfs); if (!NT_STATUS_IS_OK(status)) { -- 2.34.1