#571 Incorrect work getvolbypath() function with some paths

None
closed
nobody
None
1
2014-06-24
2014-06-24
gaaronk
No

Hello!

Incorrect work getvolbypath() function in the netatalk_conf.c whe using (for example in ad utility) paths like this "../../volume2" or "/opt/volume2/../volume1"

This is patch to use internal function realpath_safe() to build absolute path.

--- libatalk/util/netatalk_conf.c.orig  2014-06-03 09:40:44.000000000 +0400
+++ libatalk/util/netatalk_conf.c   2014-06-24 14:10:56.418382207 +0400
@@ -1600,9 +1600,9 @@
     struct vol *tmp;
     const struct passwd *pw;
     char        volname[AFPVOL_U8MNAMELEN + 1];
-    char        abspath[MAXPATHLEN + 1];
     char        volpath[MAXPATHLEN + 1], *realvolpath = NULL;
     char        tmpbuf[MAXPATHLEN + 1];
+    char        *realabspath = NULL;
     const char *secname, *basedir, *p = NULL, *subpath = NULL, *subpathconfig;
     char *user = NULL, *prw;
     regmatch_t match[1];
@@ -1610,26 +1610,9 @@

     LOG(log_debug, logtype_afpd, "getvolbypath(\"%s\")", path);

-    if (path[0] != '/') {
-        /* relative path, build absolute path */
-        EC_NULL_LOG( getcwd(abspath, MAXPATHLEN) );
-        strlcat(abspath, "/", MAXPATHLEN);
-        strlcat(abspath, path, MAXPATHLEN);
-        path = abspath;
-    } else {
-        strlcpy(abspath, path, MAXPATHLEN);
-        path = abspath;
-    }
-    /* path now points to a copy of path in the abspath buffer */
-
-    /*
-     * Strip trailing slashes
-     */
-    abspath_len = strlen(abspath);
-    while (abspath[abspath_len - 1] == '/') {
-        abspath[abspath_len - 1] = 0;
-        abspath_len--;
-    }
+    /*  build absolute path */
+    EC_NULL( realabspath = realpath_safe(path) );
+    path = realabspath;

     for (tmp = Volumes; tmp; tmp = tmp->v_next) { /* (1) */
         if (strcmp(path, tmp->v_path) == 0) {
@@ -1746,6 +1729,8 @@
         free(user);
     if (realvolpath)
         free(realvolpath);
+    if (realabspath)
+        free(realabspath);
     if (ret != 0)
         vol = NULL;
     return vol;

Discussion

  • Ralph Böhme

    Ralph Böhme - 2014-06-24
    • status: open --> closed
    • Group: -->
     

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.





No, thanks