d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nfscl: Sanity check irdcnt in nfsrpc_createsession

Browse Source 
Reported by:	rtm@lcs.mit.edu
Tested by:	rtm@lcs.mit.edu
PR:	259996
MFC after:	2 weeks
This commit is contained in:
Rick Macklem 2021-11-26 15:28:40 -08:00
parent 1879021942
commit 22f7bcb523
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
sys/fs/nfsclient/nfs_clrpcops.c
View File

@ -5233,6 +5233,10 @@ nfsrpc_createsession(struct nfsmount *nmp, struct nfsclsession *sep,
sep->nfsess_foreslots = fxdr_unsigned(uint16_t, *tl++);
NFSCL_DEBUG(4, "fore slots=%d\n", (int)sep->nfsess_foreslots);
irdcnt = fxdr_unsigned(int, *tl);
if (irdcnt < 0 || irdcnt > 1) {
error = NFSERR_BADXDR;
goto nfsmout;
}
if (irdcnt > 0)
NFSM_DISSECT(tl, uint32_t *, irdcnt * NFSX_UNSIGNED);