From 3001a8f649299d77a481f2898a914cbe929c195b Mon Sep 17 00:00:00 2001
From: Andrew Deason <adeason@sinenomine.net>
Date: Wed, 8 Jul 2015 14:37:16 -0400
Subject: [PATCH 6/6] vlserver: Disable regex volume name processing in ListAttributesN2

For the interim and until it is needed, this is most prudently
simply disabled.

FIXES 131890

Change-Id: Ib52da4ba38b579e51a0d8571e2da1307ae50a06f
---
 src/vlserver/vlprocs.c |   74 +++++------------------------------------------
 1 files changed, 8 insertions(+), 66 deletions(-)

diff --git a/src/vlserver/vlprocs.c b/src/vlserver/vlprocs.c
index f69ba58..4377616 100644
--- a/src/vlserver/vlprocs.c
+++ b/src/vlserver/vlprocs.c
@@ -1656,11 +1656,10 @@ ListAttributesN2(struct rx_call *rxcall,
     afs_int32 blockindex = 0, count = 0, k, match;
     afs_int32 matchindex = 0;
     int serverindex = -1;	/* no server found */
-    int findserver = 0, findpartition = 0, findflag = 0, findname = 0;
+    int findserver = 0, findpartition = 0, findflag = 0;
     int pollcount = 0;
     int namematchRWBK, namematchRO, thismatch;
     int matchtype = 0;
-    char volumename[VL_MAXNAMELEN+2]; /* regex anchors */
     char rxstr[AFS_RXINFO_LEN];
 #ifdef HAVE_POSIX_REGEX
     regex_t re;
@@ -1714,8 +1713,7 @@ ListAttributesN2(struct rx_call *rxcall,
     }
 
     /* Search each entry in the database and return all entries
-     * that match the request. It checks volumename (with
-     * wildcarding), entry flags, server, and partition.
+     * that match the request. It checks entry flags, server, and partition.
      */
     else {
 	/* Get the server index for matching server address */
@@ -1729,21 +1727,9 @@ ListAttributesN2(struct rx_call *rxcall,
 	findpartition = ((attributes->Mask & VLLIST_PARTITION) ? 1 : 0);
 	findflag = ((attributes->Mask & VLLIST_FLAG) ? 1 : 0);
 	if (name && (strcmp(name, ".*") != 0) && (strcmp(name, "") != 0)) {
-	    sprintf(volumename, "^%s$", name);
-#ifdef HAVE_POSIX_REGEX
-	    if (regcomp(&re, volumename, REG_NOSUB) != 0) {
-		code = VL_BADNAME;
-		goto done;
-	    }
-	    need_regfree = 1;
-#else
-	    t = (char *)re_comp(volumename);
-	    if (t) {
-		code = VL_BADNAME;
-		goto done;
-	    }
-#endif
-	    findname = 1;
+	    /* regex-matching code has been disabled for security reasons. */
+	    code = VL_BADNAME;
+	    goto done;
 	}
 
 	/* Read each entry and see if it is the one we want */
@@ -1773,38 +1759,12 @@ ListAttributesN2(struct rx_call *rxcall,
 		if (tentry.serverFlags[k] & VLSF_RWVOL) {
 		    /* Does the name match the RW name */
 		    if (tentry.flags & VLF_RWEXISTS) {
-			if (findname) {
-			    sprintf(volumename, "%s", tentry.name);
-#ifdef HAVE_POSIX_REGEX
-			    if (regexec(&re, volumename, 0, NULL, 0) == 0) {
-				thismatch = VLSF_RWVOL;
-			    }
-#else
-			    if (re_exec(volumename)) {
-				thismatch = VLSF_RWVOL;
-			    }
-#endif
-			} else {
-			    thismatch = VLSF_RWVOL;
-			}
+			thismatch = VLSF_RWVOL;
 		    }
 
 		    /* Does the name match the BK name */
 		    if (!thismatch && (tentry.flags & VLF_BACKEXISTS)) {
-			if (findname) {
-			    sprintf(volumename, "%s.backup", tentry.name);
-#ifdef HAVE_POSIX_REGEX
-			    if (regexec(&re, volumename, 0, NULL, 0) == 0) {
-				thismatch = VLSF_BACKVOL;
-			    }
-#else
-			    if (re_exec(volumename)) {
-				thismatch = VLSF_BACKVOL;
-			    }
-#endif
-			} else {
-			    thismatch = VLSF_BACKVOL;
-			}
+			thismatch = VLSF_BACKVOL;
 		    }
 
 		    namematchRWBK = (thismatch ? 1 : 2);
@@ -1816,25 +1776,7 @@ ListAttributesN2(struct rx_call *rxcall,
 		 */
 		else {
 		    if (tentry.flags & VLF_ROEXISTS) {
-			if (findname) {
-			    if (namematchRO) {
-				thismatch =
-				    ((namematchRO == 1) ? VLSF_ROVOL : 0);
-			    } else {
-				sprintf(volumename, "%s.readonly",
-					tentry.name);
-#ifdef HAVE_POSIX_REGEX
-			    if (regexec(&re, volumename, 0, NULL, 0) == 0) {
-				thismatch = VLSF_ROVOL;
-			    }
-#else
-				if (re_exec(volumename))
-				    thismatch = VLSF_ROVOL;
-#endif
-			    }
-			} else {
-			    thismatch = VLSF_ROVOL;
-			}
+			thismatch = VLSF_ROVOL;
 		    }
 		    namematchRO = (thismatch ? 1 : 2);
 		}
-- 
1.7.1

