From 0bb35e246141f6cbea4831d30d3375f3e7bce72d Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl@samba.org>
Date: Mon, 21 Oct 2024 15:45:47 +0200
Subject: [PATCH] pysmbd: Python code calls smbd code with "." and ".."

Soon we will call filename_convert_dirfsp() on these, which can't deal
with paths that are invalid by containing . and .. as path components.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
---
 source3/smbd/pysmbd.c | 49 +++++++++++++++++++++++++++----------------------
 1 file changed, 27 insertions(+), 22 deletions(-)

diff --git a/source3/smbd/pysmbd.c b/source3/smbd/pysmbd.c
index e1f889dad30..9fe885a51b0 100644
--- a/source3/smbd/pysmbd.c
+++ b/source3/smbd/pysmbd.c
@@ -133,9 +133,10 @@ static int set_sys_acl_conn(const char *fname,
 	TALLOC_CTX *frame = talloc_stackframe();
 	NTSTATUS status;
 
-	smb_fname = synthetic_smb_fname_split(frame,
-					fname,
-					lp_posix_pathnames());
+	smb_fname = synthetic_smb_fname_split(
+		frame,
+		canonicalize_absolute_path(talloc_tos(), fname),
+		lp_posix_pathnames());
 	if (smb_fname == NULL) {
 		TALLOC_FREE(frame);
 		return -1;
@@ -186,9 +187,10 @@ static NTSTATUS init_files_struct(TALLOC_CTX *mem_ctx,
 	}
 	fsp->conn = conn;
 
-	smb_fname = synthetic_smb_fname_split(fsp,
-					      fname,
-					      lp_posix_pathnames());
+	smb_fname = synthetic_smb_fname_split(
+		fsp,
+		canonicalize_absolute_path(talloc_tos(), fname),
+		lp_posix_pathnames());
 	if (smb_fname == NULL) {
 		return NT_STATUS_NO_MEMORY;
 	}
@@ -302,9 +304,10 @@ static NTSTATUS get_nt_acl_conn(TALLOC_CTX *mem_ctx,
 	NTSTATUS status;
 	struct smb_filename *smb_fname =  NULL;
 
-	smb_fname = synthetic_smb_fname_split(frame,
-					fname,
-					lp_posix_pathnames());
+	smb_fname = synthetic_smb_fname_split(
+		frame,
+		canonicalize_absolute_path(talloc_tos(), fname),
+		lp_posix_pathnames());
 
 	if (smb_fname == NULL) {
 		TALLOC_FREE(frame);
@@ -697,9 +700,10 @@ static PyObject *py_smbd_unlink(PyObject *self, PyObject *args, PyObject *kwargs
 		return NULL;
 	}
 
-	smb_fname = synthetic_smb_fname_split(frame,
-					fname,
-					lp_posix_pathnames());
+	smb_fname = synthetic_smb_fname_split(
+		frame,
+		canonicalize_absolute_path(talloc_tos(), fname),
+		lp_posix_pathnames());
 	if (smb_fname == NULL) {
 		TALLOC_FREE(frame);
 		return PyErr_NoMemory();
@@ -1038,9 +1042,10 @@ static PyObject *py_smbd_get_sys_acl(PyObject *self, PyObject *args, PyObject *k
 		return NULL;
 	}
 
-	smb_fname = synthetic_smb_fname_split(frame,
-					fname,
-					lp_posix_pathnames());
+	smb_fname = synthetic_smb_fname_split(
+		frame,
+		canonicalize_absolute_path(talloc_tos(), fname),
+		lp_posix_pathnames());
 	if (smb_fname == NULL) {
 		TALLOC_FREE(frame);
 		return NULL;
@@ -1127,13 +1132,13 @@ static PyObject *py_smbd_mkdir(PyObject *self, PyObject *args, PyObject *kwargs)
 		return NULL;
 	}
 
-	smb_fname = synthetic_smb_fname(talloc_tos(),
-					fname,
-					NULL,
-					NULL,
-					0,
-					lp_posix_pathnames() ?
-					SMB_FILENAME_POSIX_PATH : 0);
+	smb_fname = synthetic_smb_fname(
+		talloc_tos(),
+		canonicalize_absolute_path(talloc_tos(), fname),
+		NULL,
+		NULL,
+		0,
+		lp_posix_pathnames() ? SMB_FILENAME_POSIX_PATH : 0);
 
 	if (smb_fname == NULL) {
 		TALLOC_FREE(frame);
-- 
2.11.4.GIT