Author: kib Date: Thu Feb 23 09:55:55 2017 New Revision: 314137 URL: https://svnweb.freebsd.org/changeset/base/314137
Log: MFC r313800: Do not access memory past the buffer end. Do not accept and silently truncate too long hostname. Modified: stable/11/sys/fs/nfsclient/nfs_clvfsops.c Directory Properties: stable/11/ (props changed) Modified: stable/11/sys/fs/nfsclient/nfs_clvfsops.c ============================================================================== --- stable/11/sys/fs/nfsclient/nfs_clvfsops.c Thu Feb 23 09:53:54 2017 (r314136) +++ stable/11/sys/fs/nfsclient/nfs_clvfsops.c Thu Feb 23 09:55:55 2017 (r314137) @@ -1270,8 +1270,13 @@ nfs_mount(struct mount *mp) error = EINVAL; goto out; } - bcopy(args.hostname, hst, MNAMELEN); - hst[MNAMELEN - 1] = '\0'; + if (len >= MNAMELEN) { + vfs_mount_error(mp, "Hostname too long"); + error = EINVAL; + goto out; + } + bcopy(args.hostname, hst, len); + hst[len] = '\0'; } if (vfs_getopt(mp->mnt_optnew, "principal", (void **)&name, NULL) == 0) _______________________________________________ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"