author | Claudio Jeker <claudio@cvs.openbsd.org> | 2024-09-12 09:04:52 +0000 |
---|---|---|
committer | Claudio Jeker <claudio@cvs.openbsd.org> | 2024-09-12 09:04:52 +0000 |
commit | fcfe8fd72ac55eee32e1ae4c3f0b666e93e99860 (patch) | |
tree | ba55c524515d80e981c0aabb04278d86f7acd5fc /sys/ntfs | |
parent | aa4fad549e1ba1fdf438a4eb3e57b60b485931fe (diff) |
Ensure that file names passed back by readdir do not include a '/'
character. The '/' char is the path separator and is not allowed in
any filename.
NFS specific report by Apple Security Engineering and Architecture (SEAR).
Input from guenther@ and millert@
OK beck@ miod@
Diffstat (limited to 'sys/ntfs')
-rw-r--r-- | sys/ntfs/ntfs_vnops.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/sys/ntfs/ntfs_vnops.c b/sys/ntfs/ntfs_vnops.c index ad9da143aa6..a523c602b32 100644 --- a/sys/ntfs/ntfs_vnops.c +++ b/sys/ntfs/ntfs_vnops.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ntfs_vnops.c,v 1.49 2024/05/13 11:17:40 semarie Exp $ */ +/* $OpenBSD: ntfs_vnops.c,v 1.50 2024/09/12 09:04:51 claudio Exp $ */ /* $NetBSD: ntfs_vnops.c,v 1.6 2003/04/10 21:57:26 jdolecek Exp $ */ /* @@ -489,6 +489,10 @@ ntfs_readdir(void *v) "flag: %u, ", num, cde.d_name, iep->ie_fnametype, iep->ie_flag); cde.d_namlen = fname - (char *) cde.d_name; + if (memchr(cde.d_name, '/', cde.d_namlen) != NULL) { + error = EINVAL; + goto out; + } cde.d_fileno = iep->ie_number; cde.d_type = (iep->ie_fflag & NTFS_FFLAG_DIR) ? DT_DIR : DT_REG; cde.d_reclen = sizeof(struct dirent); |
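Review bot: The new memchr() check in ntfs_readdir() (second hunk, right after cde.d_namlen is computed) fails the whole call with `error = EINVAL; goto out;` on the first name containing '/', and carries no comment saying why. A one-line comment above the `if` stating that the name is taken from the directory index entry and that '/' is the path separator and never valid inside a d_name would make the intent clear to later readers. Because `goto out` ends the listing at that entry instead of skipping it, the comment should also say that aborting rather than skipping the entry is deliberate, so the behaviour is not "fixed" later by accident.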