jimzah/openafs
1
0
Fork 0
mirror of https://git.openafs.org/openafs.git synced 2025-01-31 05:27:44 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

vlserver: limit use of regex to admins always

Browse Source 
allow regexes only if the querying user is a superuser.
if the superuser uses up all the resources, well, they could just do
whatever damage directly anyway. means even in unrestricted mode
we are not vulnerable

Change-Id: Ib35d649f31e752ba5ae8373a06b67ea76f97425c
Reviewed-on: http://gerrit.openafs.org/11968
Reviewed-by: Daria Brashear <shadow@your-file-system.com>
Reviewed-by: Mark Vitale <mvitale@sinenomine.net>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
This commit is contained in:
D Brashear 2014-07-18 16:00:12 -04:00 committed by Jeffrey Altman
parent fc43236872
commit 049323e7e0
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/vlserver/vlprocs.c
View File

@ -1729,6 +1729,10 @@ ListAttributesN2(struct rx_call *rxcall,
findpartition = ((attributes->Mask & VLLIST_PARTITION) ? 1 : 0); findpartition = ((attributes->Mask & VLLIST_PARTITION) ? 1 : 0);
findflag = ((attributes->Mask & VLLIST_FLAG) ? 1 : 0); findflag = ((attributes->Mask & VLLIST_FLAG) ? 1 : 0);
if (name && (strcmp(name, ".*") != 0) && (strcmp(name, "") != 0)) { if (name && (strcmp(name, ".*") != 0) && (strcmp(name, "") != 0)) {
if (!afsconf_SuperUser(vldb_confdir, rxcall, NULL)) {
code = VL_PERM;
goto done;
}
sprintf(volumename, "^%s$", name); sprintf(volumename, "^%s$", name);
#ifdef HAVE_POSIX_REGEX #ifdef HAVE_POSIX_REGEX
if (regcomp(&re, volumename, REG_NOSUB) != 0) { if (regcomp(&re, volumename, REG_NOSUB) != 0) {