From: Eric Bollengier <eric@eb.homelinux.org>
Date: Mon, 7 Feb 2011 17:15:57 +0000 (+0100)
Subject: Check if resource name is valid in acl_access_ok()
X-Git-Tag: Release-5.2.1~659
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=cb2212d3cddbb0fb8acdfae496f5fcc503d35057;p=bacula%2Fbacula

Check if resource name is valid in acl_access_ok()
---

diff --git a/bacula/src/dird/ua_acl.c b/bacula/src/dird/ua_acl.c
index 4834d5b814..1a386fd75b 100644
--- a/bacula/src/dird/ua_acl.c
+++ b/bacula/src/dird/ua_acl.c
@@ -49,6 +49,11 @@ bool acl_access_ok(UAContext *ua, int acl, const char *item)
 /* This version expects the length of the item which we must check. */
 bool acl_access_ok(UAContext *ua, int acl, const char *item, int len)
 {
+   /* The resource name contains nasty characters */
+   if (acl != Where_ACL && !is_name_valid(item, NULL)) {
+      Dmsg1(1400, "Access denied for item=%s\n", item);
+      return false;
+   }
 
    /* If no console resource => default console and all is permitted */
    if (!ua->cons) {