From e1d73e39375f01fbb6b71691de69917658cd419f Mon Sep 17 00:00:00 2001 From: Andrew Deason Date: Wed, 8 Jul 2015 14:37:16 -0400 Subject: [PATCH 6/7] vlserver: Disable regex volume name processing in ListAttributesN2 For the interim and until it is needed, this is most prudently simply disabled. FIXES 131890 (cherry pyckied from commit 3001a8f649299d77a481f2898a914cbe929c195b) Change-Id: I612ea4a1c85fdb895acc6a71801e659869e849c2 --- src/vlserver/vlprocs.c | 74 +++++------------------------------------------ 1 files changed, 8 insertions(+), 66 deletions(-) diff --git a/src/vlserver/vlprocs.c b/src/vlserver/vlprocs.c index 4fb5db0..1cd0441 100644 --- a/src/vlserver/vlprocs.c +++ b/src/vlserver/vlprocs.c @@ -1446,11 +1446,10 @@ SVL_ListAttributesN2(struct rx_call *rxcall, afs_int32 blockindex = 0, count = 0, k, match; afs_int32 matchindex = 0; int serverindex = -1; /* no server found */ - int findserver = 0, findpartition = 0, findflag = 0, findname = 0; + int findserver = 0, findpartition = 0, findflag = 0; int pollcount = 0; int namematchRWBK, namematchRO, thismatch; int matchtype = 0; - char volumename[VL_MAXNAMELEN+2]; /* regex anchors */ char rxstr[AFS_RXINFO_LEN]; #ifdef HAVE_POSIX_REGEX regex_t re; @@ -1500,8 +1499,7 @@ SVL_ListAttributesN2(struct rx_call *rxcall, } /* Search each entry in the database and return all entries - * that match the request. It checks volumename (with - * wildcarding), entry flags, server, and partition. + * that match the request. It checks entry flags, server, and partition. */ else { /* Get the server index for matching server address */ @@ -1515,21 +1513,9 @@ SVL_ListAttributesN2(struct rx_call *rxcall, findpartition = ((attributes->Mask & VLLIST_PARTITION) ? 1 : 0); findflag = ((attributes->Mask & VLLIST_FLAG) ? 1 : 0); if (name && (strcmp(name, ".*") != 0) && (strcmp(name, "") != 0)) { - sprintf(volumename, "^%s$", name); -#ifdef HAVE_POSIX_REGEX - if (regcomp(&re, volumename, REG_NOSUB) != 0) { - errorcode = VL_BADNAME; - goto done; - } - need_regfree = 1; -#else - t = (char *)re_comp(volumename); - if (t) { - errorcode = VL_BADNAME; - goto done; - } -#endif - findname = 1; + /* regex-matching code has been disabled for security reasons. */ + errorcode = VL_BADNAME; + goto done; } /* Read each entry and see if it is the one we want */ @@ -1559,38 +1545,12 @@ SVL_ListAttributesN2(struct rx_call *rxcall, if (tentry.serverFlags[k] & VLSF_RWVOL) { /* Does the name match the RW name */ if (tentry.flags & VLF_RWEXISTS) { - if (findname) { - sprintf(volumename, "%s", tentry.name); -#ifdef HAVE_POSIX_REGEX - if (regexec(&re, volumename, 0, NULL, 0) == 0) { - thismatch = VLSF_RWVOL; - } -#else - if (re_exec(volumename)) { - thismatch = VLSF_RWVOL; - } -#endif - } else { - thismatch = VLSF_RWVOL; - } + thismatch = VLSF_RWVOL; } /* Does the name match the BK name */ if (!thismatch && (tentry.flags & VLF_BACKEXISTS)) { - if (findname) { - sprintf(volumename, "%s.backup", tentry.name); -#ifdef HAVE_POSIX_REGEX - if (regexec(&re, volumename, 0, NULL, 0) == 0) { - thismatch = VLSF_BACKVOL; - } -#else - if (re_exec(volumename)) { - thismatch = VLSF_BACKVOL; - } -#endif - } else { - thismatch = VLSF_BACKVOL; - } + thismatch = VLSF_BACKVOL; } namematchRWBK = (thismatch ? 1 : 2); @@ -1602,25 +1562,7 @@ SVL_ListAttributesN2(struct rx_call *rxcall, */ else { if (tentry.flags & VLF_ROEXISTS) { - if (findname) { - if (namematchRO) { - thismatch = - ((namematchRO == 1) ? VLSF_ROVOL : 0); - } else { - sprintf(volumename, "%s.readonly", - tentry.name); -#ifdef HAVE_POSIX_REGEX - if (regexec(&re, volumename, 0, NULL, 0) == 0) { - thismatch = VLSF_ROVOL; - } -#else - if (re_exec(volumename)) - thismatch = VLSF_ROVOL; -#endif - } - } else { - thismatch = VLSF_ROVOL; - } + thismatch = VLSF_ROVOL; } namematchRO = (thismatch ? 1 : 2); } -- 1.7.1