Author: emaste
Date: Fri Oct 7 14:46:34 2016
New Revision: 306809
URL: https://svnweb.freebsd.org/changeset/base/306809
Log:
MFC r299199: Add nid_namelen bounds check to nfssvc system call
This is only allowed by root and only used by the nfs daemon, which
should not provide an incorrect value. However, it's still good
practice to validate data provided by userland.
PR: 206626
Modified:
stable/10/sys/fs/nfs/nfs_commonsubs.c
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/sys/fs/nfs/nfs_commonsubs.c
==============================================================================
--- stable/10/sys/fs/nfs/nfs_commonsubs.c Fri Oct 7 13:43:38 2016
(r306808)
+++ stable/10/sys/fs/nfs/nfs_commonsubs.c Fri Oct 7 14:46:34 2016
(r306809)
@@ -3167,6 +3167,10 @@ nfssvc_idname(struct nfsd_idargs *nidp)
static int onethread = 0;
static time_t lasttime = 0;
+ if (nidp->nid_namelen <= 0 || nidp->nid_namelen > MAXHOSTNAMELEN) {
+ error = EINVAL;
+ goto out;
+ }
if (nidp->nid_flag & NFSID_INITIALIZE) {
cp = malloc(nidp->nid_namelen + 1, M_NFSSTRING, M_WAITOK);
error = copyin(CAST_USER_ADDR_T(nidp->nid_name), cp,
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-stable-10
To unsubscribe, send any mail to "[email protected]"
