Public/winfsp
1
0
Fork 0
mirror of https://github.com/winfsp/winfsp.git synced 2025-04-23 08:53:01 -05:00
Code Issues Packages Projects Releases Wiki Activity

sys: IRP_MJ_CREATE: FileName validation and other checks

Browse Source
This commit is contained in:
Bill Zissimopoulos 2016-02-10 12:05:53 -08:00
parent 5d26211c38
commit d8bb5bf976
1 changed files with 28 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
src/sys/create.c
View File

@ -153,7 +153,6 @@ static NTSTATUS FspFsvolCreateNoLock(
FlagOn(Flags, SL_FORCE_ACCESS_CHECK) ? UserMode : Irp->RequestorMode; FlagOn(Flags, SL_FORCE_ACCESS_CHECK) ? UserMode : Irp->RequestorMode;
BOOLEAN HasTraversePrivilege = BOOLEAN HasTraversePrivilege =
BooleanFlagOn(AccessState->Flags, TOKEN_HAS_TRAVERSE_PRIVILEGE); BooleanFlagOn(AccessState->Flags, TOKEN_HAS_TRAVERSE_PRIVILEGE);
BOOLEAN HasTrailingBackslash = FALSE;
FSP_FILE_NODE *FileNode, *RelatedFileNode; FSP_FILE_NODE *FileNode, *RelatedFileNode;
FSP_FILE_DESC *FileDesc; FSP_FILE_DESC *FileDesc;
FSP_FSCTL_TRANSACT_REQ *Request; FSP_FSCTL_TRANSACT_REQ *Request;
@ -195,12 +194,12 @@ static NTSTATUS FspFsvolCreateNoLock(
FileName.Length -= sizeof(WCHAR); FileName.Length -= sizeof(WCHAR);
FileName.MaximumLength -= sizeof(WCHAR); FileName.MaximumLength -= sizeof(WCHAR);
FileName.Buffer++; FileName.Buffer++;
if (sizeof(WCHAR) * 2 <= FileName.Length &&
L'\\' == FileName.Buffer[1] && L'\\' == FileName.Buffer[0])
return STATUS_OBJECT_NAME_INVALID;
} }
/* check filename validity */
if (!FspUnicodePathIsValid(&FileName, 0 != FsvolDeviceExtension->VolumeParams.NamedStreams))
return STATUS_OBJECT_NAME_INVALID;
/* is this a relative or absolute open? */ /* is this a relative or absolute open? */
if (0 != RelatedFileObject) if (0 != RelatedFileObject)
{ {
@ -219,20 +218,6 @@ static NTSTATUS FspFsvolCreateNoLock(
if (sizeof(WCHAR) <= FileName.Length && L'\\' == FileName.Buffer[0]) if (sizeof(WCHAR) <= FileName.Length && L'\\' == FileName.Buffer[0])
return STATUS_OBJECT_NAME_INVALID; return STATUS_OBJECT_NAME_INVALID;
/* not all operations allowed on the root directory */
if ((FILE_CREATE == CreateDisposition ||
FILE_OVERWRITE == CreateDisposition ||
FILE_OVERWRITE_IF == CreateDisposition ||
FILE_SUPERSEDE == CreateDisposition ||
BooleanFlagOn(Flags, SL_OPEN_TARGET_DIRECTORY)) &&
sizeof(WCHAR) == RelatedFileNode->FileName.Length && 0 == FileName.Length)
return STATUS_ACCESS_DENIED;
/* cannot FILE_DELETE_ON_CLOSE on the root directory */
if (FlagOn(CreateOptions, FILE_DELETE_ON_CLOSE) &&
sizeof(WCHAR) == RelatedFileNode->FileName.Length && 0 == FileName.Length)
return STATUS_CANNOT_DELETE;
BOOLEAN AppendBackslash = BOOLEAN AppendBackslash =
sizeof(WCHAR) * 2/* not empty or root */ <= RelatedFileNode->FileName.Length && sizeof(WCHAR) * 2/* not empty or root */ <= RelatedFileNode->FileName.Length &&
sizeof(WCHAR) <= FileName.Length && L':' != FileName.Buffer[0]; sizeof(WCHAR) <= FileName.Length && L':' != FileName.Buffer[0];
@ -256,20 +241,6 @@ static NTSTATUS FspFsvolCreateNoLock(
if (sizeof(WCHAR) <= FileName.Length && L'\\' != FileName.Buffer[0]) if (sizeof(WCHAR) <= FileName.Length && L'\\' != FileName.Buffer[0])
return STATUS_OBJECT_NAME_INVALID; return STATUS_OBJECT_NAME_INVALID;
/* not all operations allowed on the root directory */
if ((FILE_CREATE == CreateDisposition ||
FILE_OVERWRITE == CreateDisposition ||
FILE_OVERWRITE_IF == CreateDisposition ||
FILE_SUPERSEDE == CreateDisposition ||
BooleanFlagOn(Flags, SL_OPEN_TARGET_DIRECTORY)) &&
sizeof(WCHAR) == FileName.Length)
return STATUS_ACCESS_DENIED;
/* cannot FILE_DELETE_ON_CLOSE on the root directory */
if (FlagOn(CreateOptions, FILE_DELETE_ON_CLOSE) &&
sizeof(WCHAR) == FileName.Length)
return STATUS_CANNOT_DELETE;
Result = FspFileNodeCreate(FsvolDeviceObject, Result = FspFileNodeCreate(FsvolDeviceObject,
FileName.Length, FileName.Length,
&FileNode); &FileNode);
@ -297,24 +268,39 @@ static NTSTATUS FspFsvolCreateNoLock(
FileNode->FileName.Buffer += FsvolDeviceExtension->VolumePrefix.Length / sizeof(WCHAR); FileNode->FileName.Buffer += FsvolDeviceExtension->VolumePrefix.Length / sizeof(WCHAR);
} }
ASSERT(sizeof(WCHAR) <= FileNode->FileName.Length && L'\\' == FileNode->FileName.Buffer[0]);
/* check for trailing backslash */ /* check for trailing backslash */
if (sizeof(WCHAR) * 2/* not empty or root */ <= FileNode->FileName.Length && if (sizeof(WCHAR) * 2/* not empty or root */ <= FileNode->FileName.Length &&
L'\\' == FileNode->FileName.Buffer[FileNode->FileName.Length / sizeof(WCHAR) - 1]) L'\\' == FileNode->FileName.Buffer[FileNode->FileName.Length / sizeof(WCHAR) - 1])
{ {
FileNode->FileName.Length -= sizeof(WCHAR); if (!FlagOn(CreateOptions, FILE_DIRECTORY_FILE))
HasTrailingBackslash = TRUE; {
FspFileNodeDereference(FileNode);
return STATUS_OBJECT_NAME_INVALID;
}
if (sizeof(WCHAR) * 2 <= FileNode->FileName.Length && FileNode->FileName.Length -= sizeof(WCHAR);
L'\\' == FileNode->FileName.Buffer[FileNode->FileName.Length / sizeof(WCHAR) - 1]) }
/* not all operations allowed on the root directory */
if (sizeof(WCHAR) == FileNode->FileName.Length &&
(FILE_CREATE == CreateDisposition ||
FILE_OVERWRITE == CreateDisposition ||
FILE_OVERWRITE_IF == CreateDisposition ||
FILE_SUPERSEDE == CreateDisposition ||
BooleanFlagOn(Flags, SL_OPEN_TARGET_DIRECTORY)))
{ {
FspFileNodeDereference(FileNode); FspFileNodeDereference(FileNode);
return STATUS_OBJECT_NAME_INVALID; return STATUS_ACCESS_DENIED;
} }
}
if (HasTrailingBackslash && !FlagOn(CreateOptions, FILE_DIRECTORY_FILE)) /* cannot FILE_DELETE_ON_CLOSE on the root directory */
if (sizeof(WCHAR) == FileNode->FileName.Length &&
FlagOn(CreateOptions, FILE_DELETE_ON_CLOSE))
{ {
FspFileNodeDereference(FileNode); FspFileNodeDereference(FileNode);
return STATUS_OBJECT_NAME_INVALID; return STATUS_CANNOT_DELETE;
} }
Result = FspFileDescCreate(&FileDesc); Result = FspFileDescCreate(&FileDesc);