mirror of
https://github.com/freebsd/freebsd-src
synced 2024-09-20 08:44:33 +00:00
Add nid_namelen bounds check to nfssvc system call
This is only allowed by root and only used by the nfs daemon, which should not provide an incorrect value. However, it's still good practice to validate data provided by userland.

PR: 206626
Reported by: CTurt <cturt@hardenedbsd.org>
Reviewed by: rmacklem
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D6201
parent
6247277a02
commit
8edac6eee6
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=299199
|
@ -3174,6 +3174,10 @@ nfssvc_idname(struct nfsd_idargs *nidp)
|
|||
static int onethread = 0;
|
||||
static time_t lasttime = 0;
|
||||
|
||||
if (nidp->nid_namelen <= 0 || nidp->nid_namelen > MAXHOSTNAMELEN) {
|
||||
error = EINVAL;
|
||||
goto out;
|
||||
}
|
||||
if (nidp->nid_flag & NFSID_INITIALIZE) {
|
||||
cp = malloc(nidp->nid_namelen + 1, M_NFSSTRING, M_WAITOK);
|
||||
error = copyin(CAST_USER_ADDR_T(nidp->nid_name), cp,
|
||||
|
|
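Review bot: The new guard at the top of nfssvc_idname bounds nid_namelen with MAXHOSTNAMELEN for every nid_flag value, but the only consumer visible in the hunk is the NFSID_INITIALIZE branch, and nothing records why a hostname limit is the right ceiling for the other operations. A short comment above the check would state the intent, e.g. `/* nid_namelen comes from userland and sizes the malloc()/copyin() below; reject it before any flag-specific path uses it. */`. It is also worth confirming that the `out` label, which lies outside the hunk, is safe to reach this early, before `cp` is allocated and before any lock the function may take. The body of nfssvc_idname starts and ends outside the hunk, so the remaining uses of nid_namelen cannot be checked from here.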