kgssapi(4): Don't allow user-provided arguments to overrun stack buffer

An over-long path argument to gssd_syscall could overrun the stack sockaddr_un
buffer.  Fix gssd_syscall to not permit that.

If an over-long path is provided, gssd_syscall now returns EINVAL.

It looks like PRIV_NFS_DAEMON isn't granted anywhere, so my best guess is that
this is likely only triggerable by root.

Reported by:	Coverity
CID:		1006751
Sponsored by:	EMC / Isilon Storage Division
Conrad Meyer 2016-04-20 05:02:13 +00:00
parent b51230b720
commit 9d77679a40
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=298338


@ -104,10 +104,12 @@ sys_gssd_syscall(struct thread *td, struct gssd_syscall_args *uap)
error = copyinstr(uap->path, path, sizeof(path), NULL);
if (error)
return (error);
if (strlen(path) + 1 > sizeof(sun.sun_path))
return (EINVAL);
if (path[0] != '\0') {
sun.sun_family = AF_LOCAL;
strcpy(sun.sun_path, path);
strlcpy(sun.sun_path, path, sizeof(sun.sun_path));
sun.sun_len = SUN_LEN(&sun);
nconf = getnetconfigent("local");
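
Review bot: The new check `if (strlen(path) + 1 > sizeof(sun.sun_path))` returns EINVAL, while the copyinstr() call at the top of the hunk already fails with ENAMETOOLONG when the string does not fit in `path`, so a caller gets two different errnos for an over-long path depending on which limit it crosses. Consider returning ENAMETOOLONG here as well, or document the EINVAL case in the syscall's manual page. With the check in place the strlcpy() into `sun.sun_path` can no longer truncate, so it is a second, defensive bound rather than the fix itself; a one-line comment above the check saying that it guards the sockaddr_un copy would keep a later cleanup from dropping it as redundant.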