Author: emaste
Date: Fri Oct 7 14:46:34 2016
New Revision: 306809
URL: https://svnweb.freebsd.org/changeset/base/306809
Log:
  MFC r299199: Add nid_namelen bounds check to nfssvc system call

  This is only allowed by root and only used by the nfs daemon, which
  should not provide an incorrect value. However, it's still good
  practice to validate data provided by userland.

  PR: 206626

Modified:
  stable/10/sys/fs/nfs/nfs_commonsubs.c
Directory Properties:
  stable/10/ (props changed)

Modified: stable/10/sys/fs/nfs/nfs_commonsubs.c ============================================================================== --- stable/10/sys/fs/nfs/nfs_commonsubs.c Fri Oct 7 13:43:38 2016 (r306808) +++ stable/10/sys/fs/nfs/nfs_commonsubs.c Fri Oct 7 14:46:34 2016 (r306809) @@ -3167,6 +3167,10 @@ nfssvc_idname(struct nfsd_idargs *nidp) static int onethread = 0; static time_t lasttime = 0; + if (nidp->nid_namelen <= 0 || nidp->nid_namelen > MAXHOSTNAMELEN) { + error = EINVAL; + goto out; + } if (nidp->nid_flag & NFSID_INITIALIZE) { cp = malloc(nidp->nid_namelen + 1, M_NFSSTRING, M_WAITOK); error = copyin(CAST_USER_ADDR_T(nidp->nid_name), cp,
_______________________________________________
svn-src-stable-10@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-stable-10
To unsubscribe, send any mail to "svn-src-stable-10-unsubscr...@freebsd.org"
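Review bot: the new nid_namelen check at the top of nfssvc_idname() sits ahead of the nid_flag test, so it rejects with EINVAL every request reaching this function, not only the NFSID_INITIALIZE path whose malloc(nidp->nid_namelen + 1, ...) and copyin() it is guarding. Please confirm that no valid request handled further down arrives with a zero-length name, or move the check next to each use of the length. The choice of MAXHOSTNAMELEN as the upper bound is also unexplained in the hunk: a one-line comment stating why a host-name limit is the right ceiling for nid_name would help the next reader, and would make it obvious that the "<= 0" half exists to keep a negative, userland-supplied length from reaching the allocation size.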