From CheriBSD, via FreeBSD:
| Avoid reading one byte before the path buffer.
|
| This happens when there's only one component (e.g. "/foo"). This
| (mostly-harmless) bug has been present since June 1990 when it was
committed to mountd.c SCCS version 5.9.
|
| Note: the bug is on the second changed line, the first line is changed
| for visual consistency.
https://svnweb.freebsd.org/base?view=revision&revision=363435
You need to look at the surrounding loop to see the problem.
OK?
Index: sbin/mountd/mountd.c
===================================================================
RCS file: /cvs/src/sbin/mountd/mountd.c,v
retrieving revision 1.88
diff -u -p -r1.88 mountd.c
--- sbin/mountd/mountd.c 24 Jan 2020 18:51:45 -0000 1.88
+++ sbin/mountd/mountd.c 6 Aug 2020 14:41:16 -0000
@@ -2021,9 +2021,9 @@ do_mount(struct exportlist *ep, struct g
#endif
}
/* back up over the last component */
- while (*cp == '/' && cp > dirp)
+ while (cp > dirp && *cp == '/')
cp--;
- while (*(cp - 1) != '/' && cp > dirp)
+ while (cp > dirp && *(cp - 1) != '/')
cp--;
if (cp == dirp) {
if (debug)
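Review bot: the second loop is only safe because `cp > dirp` is evaluated before `*(cp - 1)`, and nothing in the code records that the operand order matters. With `&&` short-circuiting, the dereference is skipped once `cp == dirp`, which is what keeps the read inside the path buffer for a single-component path such as "/foo". Suggest extending the `/* back up over the last component */` comment to say the bounds check must come first, so a later cleanup does not swap the operands back. The first loop reads `*cp` rather than `*(cp - 1)`, so at `cp == dirp` it still reads the first byte of the buffer; that reorder is for consistency only, as the commit message says.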
--
Christian "naddy" Weisgerber