From: didg <didg>
Date: Mon, 20 Jul 2009 18:35:30 +0000 (+0000)
Subject: cnid_resolve: don't return '..' as a valid name, could be use to escape the volume... 
X-Git-Tag: netatalk-2-0-5-rc1~7
X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?p=netatalk.git;a=commitdiff_plain;h=d55ea446c5088689f13fe1c419a3c0a740cd70ff;ds=sidebyside

cnid_resolve: don't return '..' as a valid name, could be use to escape the volume root folder, unsure if it's really doable
---

diff --git a/NEWS b/NEWS
index 0d728bea..49ef3064 100644
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,7 @@ Changes in 2.0.5
 * FIX: papd: Remove variable expansion for BSD printers. Fixes CVE-2008-5718.
 * FIX: afpd: .AppleDxxx folders were user accessible if option 'usedots'
        was set 
+* FIX: afpd: cnid_resolve: don't return '..' as a valid name.
 
 Changes in 2.0.4
 ================
diff --git a/libatalk/cnid/cnid.c b/libatalk/cnid/cnid.c
index d17f31e5..aaf7803e 100644
--- a/libatalk/cnid/cnid.c
+++ b/libatalk/cnid/cnid.c
@@ -1,5 +1,5 @@
 /* 
- * $Id: cnid.c,v 1.1.4.11.2.4 2008-11-25 15:16:34 didg Exp $
+ * $Id: cnid.c,v 1.1.4.11.2.5 2009-07-20 18:35:30 didg Exp $
  *
  * Copyright (c) 2003 the Netatalk Team
  * Copyright (c) 2003 Rafal Lewczuk <rlewczuk@pronet.pl>
@@ -270,6 +270,10 @@ char *ret;
     block_signal(cdb->flags);
     ret = cdb->cnid_resolve(cdb, id, buffer, len);
     unblock_signal(cdb->flags);
+    if (ret && !strcmp(ret, "..")) {
+        LOG(log_error, logtype_afpd, "cnid_resolve: name is '..', corrupted db? ");
+        ret = NULL;
+    }
     return ret;
 }