From 6c29a98e90c7d98e8c2e25f8ce449ed0d7b0875c Mon Sep 17 00:00:00 2001
From: Bill Zissimopoulos <billziss@navimatics.com>
Date: Mon, 7 Dec 2015 20:33:02 -0800
Subject: [PATCH] sys: IRP_MJ_CREATE: disallow trailing backslash without
 FILE_DIRECTORY_FILE

---
 inc/winfsp/fsctl.h |  1 -
 src/sys/create.c   | 15 +++++----------
 2 files changed, 5 insertions(+), 11 deletions(-)

diff --git a/inc/winfsp/fsctl.h b/inc/winfsp/fsctl.h
index 25555085..a0a5bd2c 100644
--- a/inc/winfsp/fsctl.h
+++ b/inc/winfsp/fsctl.h
@@ -107,7 +107,6 @@ typedef struct
             UINT32 HasTraversePrivilege:1;  /* requestor has TOKEN_HAS_TRAVERSE_PRIVILEGE */
             UINT32 OpenTargetDirectory:1;   /* open target dir and report FILE_{EXISTS,DOES_NOT_EXIST} */
             UINT32 CaseSensitive:1;         /* FileName comparisons should be case-sensitive */
-            UINT32 HasTrailingBackslash:1;  /* reserved: do not use */
         } Create;
         struct
         {
diff --git a/src/sys/create.c b/src/sys/create.c
index 4bc8ea42..371b4fc1 100644
--- a/src/sys/create.c
+++ b/src/sys/create.c
@@ -179,6 +179,11 @@ static NTSTATUS FspFsvolCreate(
                 goto exit;
             }
         }
+        if (HasTrailingBackslash && !FlagOn(CreateOptions, FILE_DIRECTORY_FILE))
+        {
+            Result = STATUS_OBJECT_NAME_INVALID;
+            goto exit;
+        }
 
         /* is this a relative or absolute open? */
         if (0 != RelatedFileObject)
@@ -268,7 +273,6 @@ static NTSTATUS FspFsvolCreate(
         Request->Req.Create.UserMode = UserMode == RequestorMode;
         Request->Req.Create.HasTraversePrivilege = HasTraversePrivilege;
         Request->Req.Create.OpenTargetDirectory = BooleanFlagOn(Flags, SL_OPEN_TARGET_DIRECTORY);
-        Request->Req.Create.HasTrailingBackslash = HasTrailingBackslash;
         Request->Req.Create.CaseSensitive = BooleanFlagOn(Flags, SL_CASE_SENSITIVE);
 
         /* copy the security descriptor into the request */
@@ -389,7 +393,6 @@ VOID FspFsvolCreateComplete(
     ULONG Flags = IrpSp->Flags;
     KPROCESSOR_MODE RequestorMode =
         FlagOn(Flags, SL_FORCE_ACCESS_CHECK) ? UserMode : Irp->RequestorMode;
-    BOOLEAN HasTrailingBackslash = 0 != FspIrpContextRequest(Irp)->Req.Create.HasTrailingBackslash;
     FSP_FILE_CONTEXT *FsContext = FileObject->FsContext;
     ACCESS_MASK GrantedAccess;
     BOOLEAN Inserted = FALSE;
@@ -459,14 +462,6 @@ VOID FspFsvolCreateComplete(
     FsContext->UserContext = Response->Rsp.Create.Opened.UserContext;
     FileObject->FsContext2 = (PVOID)(UINT_PTR)Response->Rsp.Create.Opened.UserContext2;
 
-    /* check for trailing backslash */
-    if (HasTrailingBackslash &&
-        !FileCreated && !FlagOn(ResponseFileAttributes, FILE_ATTRIBUTE_DIRECTORY))
-    {
-        FspFsvolCreateClose(Irp, Response);
-        FSP_RETURN(Result = STATUS_OBJECT_NAME_INVALID);
-    }
-
     /* are we doing access checks? */
     if (!FsvrtDeviceExtension->VolumeParams.NoSystemAccessCheck)
     {