From a91d2201f90c60ce67871db195359f6879470740 Mon Sep 17 00:00:00 2001 From: Martin Matuska Date: Sun, 5 Feb 2012 10:59:50 +0000 Subject: [PATCH] Analogous to r230407 a separate path buffer in vfs_mount.c is required for r230129. Fixes a out of bounds write to fspath. MFC after: 10 days --- sys/kern/vfs_mount.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/sys/kern/vfs_mount.c b/sys/kern/vfs_mount.c index 5fa086cf944b..ddc17cc326ea 100644 --- a/sys/kern/vfs_mount.c +++ b/sys/kern/vfs_mount.c @@ -1039,6 +1039,7 @@ vfs_domount( struct vfsconf *vfsp; struct nameidata nd; struct vnode *vp; + char *pathbuf; int error; /* @@ -1102,12 +1103,15 @@ vfs_domount( NDFREE(&nd, NDF_ONLY_PNBUF); vp = nd.ni_vp; if ((fsflags & MNT_UPDATE) == 0) { - error = vn_path_to_global_path(td, vp, fspath, MNAMELEN); + pathbuf = malloc(MNAMELEN, M_TEMP, M_WAITOK); + strcpy(pathbuf, fspath); + error = vn_path_to_global_path(td, vp, pathbuf, MNAMELEN); /* debug.disablefullpath == 1 results in ENODEV */ if (error == 0 || error == ENODEV) { - error = vfs_domount_first(td, vfsp, fspath, vp, + error = vfs_domount_first(td, vfsp, pathbuf, vp, fsflags, optlist); } + free(pathbuf, M_TEMP); } else error = vfs_domount_update(td, vp, fsflags, optlist); mtx_unlock(&Giant);