Author: rmacklem
Date: Tue Nov 20 01:56:34 2018
New Revision: 340662
URL: https://svnweb.freebsd.org/changeset/base/340662
Log:
nfsm_advance() would panic() when the offs argument was negative.
The code assumed that this would indicate a corrupted mbuf chain, but
it could simply be caused by bogus RPC message data.
This patch replaces the panic() with a printf() plus error return.
MFC after: 1 week
Modified:
head/sys/fs/nfs/nfs_commonsubs.c
Modified: head/sys/fs/nfs/nfs_commonsubs.c
==============================================================================
--- head/sys/fs/nfs/nfs_commonsubs.c Tue Nov 20 01:52:45 2018
(r340661)
+++ head/sys/fs/nfs/nfs_commonsubs.c Tue Nov 20 01:56:34 2018
(r340662)
@@ -725,10 +725,14 @@ nfsm_advance(struct nfsrv_descript *nd, int offs, int
if (offs == 0)
goto out;
/*
- * A negative offs should be considered a serious problem.
+ * A negative offs might indicate a corrupted mbuf chain and,
+ * as such, a printf is logged.
*/
- if (offs < 0)
- panic("nfsrv_advance");
+ if (offs < 0) {
+ printf("nfsrv_advance: negative offs\n");
+ error = EBADRPC;
+ goto out;
+ }
/*
* If left == -1, calculate it here.
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
