evin/ms-nfs41-client
3
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

driver: add checks for reparse points on volume

Browse source 
fail attempts to set/get reparse points when the filename is no longer than the vnetroot name (plus a \) to prevent these operations on a volume.  also adds checks for non-null buffers to pass Set/GetPointInvalidParamTest

Signed-off-by: Casey Bodley <cbodley@citi.umich.edu>
This commit is contained in:
Casey Bodley 2012-03-26 14:03:32 -04:00 committed by unknown
parent 4d18cf9ce7
commit 829c05d6b5
1 changed files with 32 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

39
sys/nfs41_driver.c
View file

@ -5889,7 +5889,8 @@ NTSTATUS nfs41_SetReparsePoint(
__notnull PREPARSE_DATA_BUFFER Reparse = (PREPARSE_DATA_BUFFER)FsCtl->pInputBuffer; __notnull PREPARSE_DATA_BUFFER Reparse = (PREPARSE_DATA_BUFFER)FsCtl->pInputBuffer;
__notnull PNFS41_FOBX Fobx = NFS41GetFobxExtension(RxContext->pFobx); __notnull PNFS41_FOBX Fobx = NFS41GetFobxExtension(RxContext->pFobx);
__notnull PMRX_SRV_OPEN SrvOpen = RxContext->pRelevantSrvOpen; __notnull PMRX_SRV_OPEN SrvOpen = RxContext->pRelevantSrvOpen;
__notnull PNFS41_V_NET_ROOT_EXTENSION VNetRoot = __notnull PV_NET_ROOT VNetRoot = (PV_NET_ROOT)SrvOpen->pVNetRoot;
__notnull PNFS41_V_NET_ROOT_EXTENSION VNetRootContext =
NFS41GetVNetRootExtension(SrvOpen->pVNetRoot); NFS41GetVNetRootExtension(SrvOpen->pVNetRoot);
__notnull PNFS41_NETROOT_EXTENSION pNetRootContext = __notnull PNFS41_NETROOT_EXTENSION pNetRootContext =
NFS41GetNetRootExtension(SrvOpen->pVNetRoot->pNetRoot); NFS41GetNetRootExtension(SrvOpen->pVNetRoot->pNetRoot);
@ -5902,7 +5903,7 @@ NTSTATUS nfs41_SetReparsePoint(
print_reparse_buffer(Reparse); print_reparse_buffer(Reparse);
#endif #endif
/* access checks */ /* access checks */
if (VNetRoot->read_only) { if (VNetRootContext->read_only) {
status = STATUS_MEDIA_WRITE_PROTECTED; status = STATUS_MEDIA_WRITE_PROTECTED;
goto out; goto out;
} }
@ -5911,6 +5912,18 @@ NTSTATUS nfs41_SetReparsePoint(
goto out; goto out;
} }
/* must have a filename longer than vnetroot name,
* or it's trying to operate on the volume itself */
if (RxContext->CurrentIrpSp->FileObject->FileName.Length <=
VNetRoot->PrefixEntry.Prefix.Length + sizeof(WCHAR)) {
status = STATUS_INVALID_PARAMETER;
goto out;
}
if (FsCtl->pOutputBuffer != NULL) {
status = STATUS_INVALID_PARAMETER;
goto out;
}
/* validate input buffer and length */ /* validate input buffer and length */
if (!Reparse) { if (!Reparse) {
status = STATUS_INVALID_BUFFER_SIZE; status = STATUS_INVALID_BUFFER_SIZE;
@ -5943,7 +5956,7 @@ NTSTATUS nfs41_SetReparsePoint(
Reparse->SymbolicLinkReparseBuffer.PrintNameOffset/sizeof(WCHAR)]; Reparse->SymbolicLinkReparseBuffer.PrintNameOffset/sizeof(WCHAR)];
status = nfs41_UpcallCreate(NFS41_SYMLINK, &Fobx->sec_ctx, status = nfs41_UpcallCreate(NFS41_SYMLINK, &Fobx->sec_ctx,
VNetRoot->session, Fobx->nfs41_open_state, VNetRootContext->session, Fobx->nfs41_open_state,
pNetRootContext->nfs41d_version, SrvOpen->pAlreadyPrefixedName, &entry); pNetRootContext->nfs41d_version, SrvOpen->pAlreadyPrefixedName, &entry);
if (status) goto out; if (status) goto out;
@ -5951,7 +5964,7 @@ NTSTATUS nfs41_SetReparsePoint(
entry->u.Symlink.target = &TargetName; entry->u.Symlink.target = &TargetName;
entry->u.Symlink.set = TRUE; entry->u.Symlink.set = TRUE;
status = nfs41_UpcallWaitForReply(entry, VNetRoot->timeout); status = nfs41_UpcallWaitForReply(entry, VNetRootContext->timeout);
if (status) goto out; if (status) goto out;
status = map_symlink_errors(entry->status); status = map_symlink_errors(entry->status);
@ -5971,7 +5984,8 @@ NTSTATUS nfs41_GetReparsePoint(
XXCTL_LOWIO_COMPONENT *FsCtl = &RxContext->LowIoContext.ParamsFor.FsCtl; XXCTL_LOWIO_COMPONENT *FsCtl = &RxContext->LowIoContext.ParamsFor.FsCtl;
__notnull PNFS41_FOBX Fobx = NFS41GetFobxExtension(RxContext->pFobx); __notnull PNFS41_FOBX Fobx = NFS41GetFobxExtension(RxContext->pFobx);
__notnull PMRX_SRV_OPEN SrvOpen = RxContext->pRelevantSrvOpen; __notnull PMRX_SRV_OPEN SrvOpen = RxContext->pRelevantSrvOpen;
__notnull PNFS41_V_NET_ROOT_EXTENSION VNetRoot = __notnull PV_NET_ROOT VNetRoot = (PV_NET_ROOT)SrvOpen->pVNetRoot;
__notnull PNFS41_V_NET_ROOT_EXTENSION VNetRootContext =
NFS41GetVNetRootExtension(SrvOpen->pVNetRoot); NFS41GetVNetRootExtension(SrvOpen->pVNetRoot);
__notnull PNFS41_NETROOT_EXTENSION pNetRootContext = __notnull PNFS41_NETROOT_EXTENSION pNetRootContext =
NFS41GetNetRootExtension(SrvOpen->pVNetRoot->pNetRoot); NFS41GetNetRootExtension(SrvOpen->pVNetRoot->pNetRoot);
@ -5983,6 +5997,17 @@ NTSTATUS nfs41_GetReparsePoint(
DbgEn(); DbgEn();
#endif #endif
/* must have a filename longer than vnetroot name,
* or it's trying to operate on the volume itself */
if (RxContext->CurrentIrpSp->FileObject->FileName.Length <=
VNetRoot->PrefixEntry.Prefix.Length + sizeof(WCHAR)) {
status = STATUS_INVALID_PARAMETER;
goto out;
}
if (FsCtl->pInputBuffer != NULL) {
status = STATUS_INVALID_PARAMETER;
goto out;
}
if (!FsCtl->pOutputBuffer) { if (!FsCtl->pOutputBuffer) {
status = STATUS_INVALID_USER_BUFFER; status = STATUS_INVALID_USER_BUFFER;
goto out; goto out;
@ -6005,7 +6030,7 @@ NTSTATUS nfs41_GetReparsePoint(
HeaderLen, 0xFFFF); HeaderLen, 0xFFFF);
status = nfs41_UpcallCreate(NFS41_SYMLINK, &Fobx->sec_ctx, status = nfs41_UpcallCreate(NFS41_SYMLINK, &Fobx->sec_ctx,
VNetRoot->session, Fobx->nfs41_open_state, VNetRootContext->session, Fobx->nfs41_open_state,
pNetRootContext->nfs41d_version, SrvOpen->pAlreadyPrefixedName, &entry); pNetRootContext->nfs41d_version, SrvOpen->pAlreadyPrefixedName, &entry);
if (status) goto out; if (status) goto out;
@ -6013,7 +6038,7 @@ NTSTATUS nfs41_GetReparsePoint(
entry->u.Symlink.target = &TargetName; entry->u.Symlink.target = &TargetName;
entry->u.Symlink.set = FALSE; entry->u.Symlink.set = FALSE;
status = nfs41_UpcallWaitForReply(entry, VNetRoot->timeout); status = nfs41_UpcallWaitForReply(entry, VNetRootContext->timeout);
if (status) goto out; if (status) goto out;
status = map_symlink_errors(entry->status); status = map_symlink_errors(entry->status);