s3: smb2 - strictly obey file name restrictions w.r.t. the SMB2 protocol spec.
author Jeremy Allison <jra@samba.org>
Mon, 16 Jun 2014 21:28:11 +0000 (14:28 -0700)
committer Jeremy Allison <jra@samba.org>
Wed, 18 Jun 2014 05:15:13 +0000 (07:15 +0200)
MS-SMB2: 3.3.5.9 - Receiving an SMB2 CREATE Request
If the file name length is greater than zero and the
first character is a path separator character, the
server MUST fail the request with
STATUS_INVALID_PARAMETER.

Found and fix confirmed by Microsoft test tool.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
source3/smbd/smb2_create.c

index 4bb28d44e70a98209bef6c26460e1c7c1fffb981..4e2e6bc3ffd892986dbedfbbd7f4de59ada90783 100644 (file)
@@ -922,6 +922,22 @@ static struct tevent_req *smbd_smb2_create_send(TALLOC_CTX *mem_ctx,
                                return tevent_req_post(req, ev);
                        }
 
+                       /*
+                        * We know we're going to do a local open, so now
+                        * we must be protocol strict. JRA.
+                        *
+                        * MS-SMB2: 3.3.5.9 - Receiving an SMB2 CREATE Request
+                        * If the file name length is greater than zero and the
+                        * first character is a path separator character, the
+                        * server MUST fail the request with
+                        * STATUS_INVALID_PARAMETER.
+                        */
+                       if (in_name[0] == '\\' || in_name[0] == '/') {
+                               tevent_req_nterror(req,
+                                       NT_STATUS_INVALID_PARAMETER);
+                               return tevent_req_post(req, ev);
+                       }
+
                        status = SMB_VFS_CREATE_FILE(smb1req->conn,
                                                     smb1req,
                                                     0, /* root_dir_fid */
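Review bot: The added test `if (in_name[0] == '\\' || in_name[0] == '/')` rejects a leading forward slash as well as a backslash, but the quoted MS-SMB2 3.3.5.9 text only says "a path separator character" without naming which ones; the comment should state that both characters are deliberately treated as separators here so a later reader does not "fix" the `'/'` case away. The spec's "file name length is greater than zero" condition is also only implicit: reading `in_name[0]` is correct for an empty name only because a NUL-terminated empty string yields `'\0'`, and it assumes `in_name` is non-NULL at this point, which these lines do not show. A one-line remark in the comment, or an explicit check on the name before indexing it, would make that assumption visible. Since the commit message says the behaviour was confirmed with an external test tool, a regression test in the tree that sends a CREATE with a leading separator and expects NT_STATUS_INVALID_PARAMETER would keep this from regressing.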