s3: Fix check_reduced_name for access to the share root itself
authorVolker Lendecke <vl@samba.org>
Thu, 12 Nov 2009 11:29:19 +0000 (12:29 +0100)
committerMichael Adam <obnox@samba.org>
Wed, 10 Mar 2010 12:22:15 +0000 (13:22 +0100)
source3/smbd/vfs.c

index 5465aa9548b1183dd4b9e99befd4f7c01ba93624..03d6bf278bce9842641d723ee82e270ca213d372 100644 (file)
@@ -954,6 +954,7 @@ NTSTATUS check_reduced_name(connection_struct *conn, const char *fname)
        /* Check for widelinks allowed. */
        if (!lp_widelinks(SNUM(conn))) {
                    const char *conn_rootdir;
+                   size_t rootdirlen;
 
                    conn_rootdir = SMB_VFS_CONNECTPATH(conn, fname);
                    if (conn_rootdir == NULL) {
@@ -965,8 +966,22 @@ NTSTATUS check_reduced_name(connection_struct *conn, const char *fname)
                            return NT_STATUS_ACCESS_DENIED;
                    }
 
+                   DEBUG(10, ("resolved_name=%s\n", resolved_name));
+                   DEBUGADD(10, ("conn_rootdir =%s\n", conn_rootdir));
+
+                   rootdirlen = strlen(conn_rootdir);
+
+                   /*
+                    * We have to take care of an access to the
+                    * rootdir itself.
+                    */
+                   if ((strlen(resolved_name) == (rootdirlen-1))
+                       && (conn_rootdir[rootdirlen-1] == '/')) {
+                           rootdirlen -= 1;
+                   }
+
                    if (strncmp(conn_rootdir, resolved_name,
-                               strlen(conn_rootdir)) != 0) {
+                               rootdirlen) != 0) {
                            DEBUG(2, ("check_reduced_name: Bad access "
                                      "attempt: %s is a symlink outside the "
                                      "share path\n", fname));
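Review bot: The comparison `strncmp(conn_rootdir, resolved_name, rootdirlen)` is a plain string-prefix test and never checks that the match ends on a path-component boundary. If conn_rootdir has no trailing '/', a resolved path in a sibling directory that shares the prefix (constructed example: root `/srv/share`, resolved `/srv/share2/f`) compares equal and is treated as inside the share. Whether SMB_VFS_CONNECTPATH can return a root without a trailing slash is not visible here, but the new test on `conn_rootdir[rootdirlen-1] == '/'` suggests both forms are expected. After a successful prefix match with a root that does not end in '/', I would also deny access when `resolved_name[rootdirlen] != '/' && resolved_name[rootdirlen] != '\0'`, and reject an empty conn_rootdir up front, since a zero-length strncmp matches everything. check_reduced_name begins and ends outside this hunk, so any earlier normalisation of either string should be confirmed against the full function.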