Author: cem
Date: Tue Jun 7 20:00:20 2016
New Revision: 301564
URL: https://svnweb.freebsd.org/changeset/base/301564
Log:
nfs_clvfsops: Prevent strdup of stack garbage with bogus mount specs
If strlen(hostp) was zero, the stack array 'nam' would never be initialized
before being strdup()ed. Fix this by initializing it to the empty string.
It's possible some external condition makes this case impossible, in which
case, an assertion instead of this workaround is appropriate.
Introduced in r299848.
Reported by: Coverity
CID: 1355336
Sponsored by: EMC / Isilon Storage Division
Modified:
head/sys/fs/nfsclient/nfs_clvfsops.c
Modified: head/sys/fs/nfsclient/nfs_clvfsops.c
==============================================================================
--- head/sys/fs/nfsclient/nfs_clvfsops.c Tue Jun 7 19:49:08 2016
(r301563)
+++ head/sys/fs/nfsclient/nfs_clvfsops.c Tue Jun 7 20:00:20 2016
(r301564)
@@ -806,7 +806,8 @@ nfs_mount_parse_from(struct vfsoptlist *
nam[len + offset++] = ':';
memmove(nam + len + offset, spec, speclen);
nam[len + speclen + offset] = '\0';
- }
+ } else
+ nam[0] = '\0';
/*
* XXX: IPv6
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "[email protected]"
