cnid_resolve: don't return '..' as a valid name, could be use to escape the volume...

diff --git a/NEWS b/NEWS
index 0d728beae66399c0d01345927345daeb8e0b875f..49ef3064239481a2e947548f86251eb60d8e701b 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,7 @@ Changes in 2.0.5
 * FIX: papd: Remove variable expansion for BSD printers. Fixes CVE-2008-5718.
 * FIX: afpd: .AppleDxxx folders were user accessible if option 'usedots'
        was set 
+* FIX: afpd: cnid_resolve: don't return '..' as a valid name.
 
 Changes in 2.0.4
 ================

diff --git a/libatalk/cnid/cnid.c b/libatalk/cnid/cnid.c
index d17f31e5992fa8d3d5c506ad5169fd29b329f190..aaf7803ef261eb5a67404f66ef8efa2c968ce258 100644 (file)
--- a/libatalk/cnid/cnid.c
+++ b/libatalk/cnid/cnid.c
@@ -1,5 +1,5 @@
 /* 
- * $Id: cnid.c,v 1.1.4.11.2.4 2008-11-25 15:16:34 didg Exp $
+ * $Id: cnid.c,v 1.1.4.11.2.5 2009-07-20 18:35:30 didg Exp $
  *
  * Copyright (c) 2003 the Netatalk Team
  * Copyright (c) 2003 Rafal Lewczuk <rlewczuk@pronet.pl>
@@ -270,6 +270,10 @@ char *ret;
     block_signal(cdb->flags);
     ret = cdb->cnid_resolve(cdb, id, buffer, len);
     unblock_signal(cdb->flags);
+    if (ret && !strcmp(ret, "..")) {
+        LOG(log_error, logtype_afpd, "cnid_resolve: name is '..', corrupted db? ");
+        ret = NULL;
+    }
     return ret;
 }