From 9db333437599c96c0c6397fcfcfd378517548121 Mon Sep 17 00:00:00 2001 From: Andrew Deason Date: Wed, 8 Jul 2015 14:37:16 -0400 Subject: [PATCH 5/6] vlserver: Disable regex volume name processing in ListAttributesN2 For the interim and until it is needed, this is most prudently simply disabled. FIXES 131890 (cherry pyckied from commit 3001a8f649299d77a481f2898a914cbe929c195b) (cherry picked from commit e1d73e39375f01fbb6b71691de69917658cd419f) Change-Id: Id1b5de3e5f254f6f32544ba2dc2e794671f044de --- src/vlserver/vlprocs.c | 73 +++++------------------------------------------ 1 files changed, 8 insertions(+), 65 deletions(-) diff --git a/src/vlserver/vlprocs.c b/src/vlserver/vlprocs.c index de2e5d0..9473296 100644 --- a/src/vlserver/vlprocs.c +++ b/src/vlserver/vlprocs.c @@ -1394,7 +1394,7 @@ SVL_ListAttributesN2(rxcall, attributes, name, startindex, nentries, struct nvldbentry *Vldbentry = 0, *VldbentryFirst = 0, *VldbentryLast = 0; afs_int32 blockindex = 0, count = 0, k, match, matchindex; int serverindex = -1; /* no server found */ - int findserver = 0, findpartition = 0, findflag = 0, findname = 0; + int findserver = 0, findpartition = 0, findflag = 0; char *t; int pollcount = 0; int namematchRWBK, namematchRO, thismatch, matchtype; @@ -1444,8 +1444,7 @@ SVL_ListAttributesN2(rxcall, attributes, name, startindex, nentries, } /* Search each entry in the database and return all entries - * that match the request. It checks volumename (with - * wildcarding), entry flags, server, and partition. + * that match the request. It checks entry flags, server, and partition. */ else { /* Get the server index for matching server address */ @@ -1459,21 +1458,9 @@ SVL_ListAttributesN2(rxcall, attributes, name, startindex, nentries, findpartition = ((attributes->Mask & VLLIST_PARTITION) ? 1 : 0); findflag = ((attributes->Mask & VLLIST_FLAG) ? 1 : 0); if (name && (strcmp(name, ".*") != 0) && (strcmp(name, "") != 0)) { - sprintf(volumename, "^%s$", name); -#ifdef HAVE_POSIX_REGEX - if (regcomp(&re, volumename, REG_NOSUB) != 0) { - errorcode = VL_BADNAME; - goto done; - } - need_regfree = 1; -#else - t = (char *)re_comp(volumename); - if (t) { - errorcode = VL_BADNAME; - goto done; - } -#endif - findname = 1; + /* regex-matching code has been disabled for security reasons. */ + errorcode = VL_BADNAME; + goto done; } /* Read each entry and see if it is the one we want */ @@ -1501,38 +1488,12 @@ SVL_ListAttributesN2(rxcall, attributes, name, startindex, nentries, if (tentry.serverFlags[k] & VLSF_RWVOL) { /* Does the name match the RW name */ if (tentry.flags & VLF_RWEXISTS) { - if (findname) { - sprintf(volumename, "%s", tentry.name); -#ifdef HAVE_POSIX_REGEX - if (regexec(&re, volumename, 0, NULL, 0) == 0) { - thismatch = VLSF_RWVOL; - } -#else - if (re_exec(volumename)) { - thismatch = VLSF_RWVOL; - } -#endif - } else { - thismatch = VLSF_RWVOL; - } + thismatch = VLSF_RWVOL; } /* Does the name match the BK name */ if (!thismatch && (tentry.flags & VLF_BACKEXISTS)) { - if (findname) { - sprintf(volumename, "%s.backup", tentry.name); -#ifdef HAVE_POSIX_REGEX - if (regexec(&re, volumename, 0, NULL, 0) == 0) { - thismatch = VLSF_BACKVOL; - } -#else - if (re_exec(volumename)) { - thismatch = VLSF_BACKVOL; - } -#endif - } else { - thismatch = VLSF_BACKVOL; - } + thismatch = VLSF_BACKVOL; } namematchRWBK = (thismatch ? 1 : 2); @@ -1544,25 +1505,7 @@ SVL_ListAttributesN2(rxcall, attributes, name, startindex, nentries, */ else { if (tentry.flags & VLF_ROEXISTS) { - if (findname) { - if (namematchRO) { - thismatch = - ((namematchRO == 1) ? VLSF_ROVOL : 0); - } else { - sprintf(volumename, "%s.readonly", - tentry.name); -#ifdef HAVE_POSIX_REGEX - if (regexec(&re, volumename, 0, NULL, 0) == 0) { - thismatch = VLSF_ROVOL; - } -#else - if (re_exec(volumename)) - thismatch = VLSF_ROVOL; -#endif - } - } else { - thismatch = VLSF_ROVOL; - } + thismatch = VLSF_ROVOL; } namematchRO = (thismatch ? 1 : 2); } -- 1.7.1