Add better sanity checking to the logic that handles ioctl processing

for nfsclient and nfs4client in order to prevent local root users
from panicking the system.

PR:		kern/77463
Submitted by:	Wojciech A. Koszek
Reviewed by:	cel, rees
MFC after:	2 weeks
Security:	Local root users can panic the system at will
Chuck Lever 2006-05-13 00:16:35 +00:00
parent ace86f3f27
commit 5f396e80f0
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=158505


@ -152,11 +152,12 @@ nfs4dev_reply(caddr_t addr)
return EINVAL;
}
if (m->msg_len == 0 || m->msg_len > NFS4DEV_MSG_MAX_DATALEN) {
if (m->msg_len < sizeof(*m) - NFS4DEV_MSG_MAX_DATALEN ||
m->msg_len > NFS4DEV_MSG_MAX_DATALEN) {
NFS4DEV_DEBUG("bad message length\n");
return EINVAL;
}
/* match the reply with a request */
mtx_lock(&nfs4dev_waitq_mtx);
TAILQ_FOREACH(u, &nfs4dev_waitq, up_entry) {
@ -197,8 +198,10 @@ nfs4dev_reply(caddr_t addr)
return 0;
bad:
u->up_error = error;
wakeup(u);
if (u) {
u->up_error = error;
wakeup(u);
}
return error;
}
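Review bot: The new length test in the first hunk of nfs4dev_reply() appears to measure `msg_len` in two different units. The lower bound `sizeof(*m) - NFS4DEV_MSG_MAX_DATALEN` is presumably the size of the fixed header, which implies a total message length, while the upper bound `NFS4DEV_MSG_MAX_DATALEN` is the payload capacity alone. Which reading is right depends on how `msg_len` is used later in the function, outside the hunk: if it is a total length, the upper bound would read `m->msg_len > sizeof(*m)`; if it is a payload length, the lower bound rejects short but valid replies. The accepted range never exceeds NFS4DEV_MSG_MAX_DATALEN, so this looks like a correctness and clarity point rather than an overrun. If the total-length reading is intended, a comment above the test would settle it, for example `/* msg_len counts header plus payload, so it can never be smaller than the header */`.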