From 47d75c29f5510ad844f0bc7fbc07d481ebb7fd9e Mon Sep 17 00:00:00 2001 From: Rick Macklem Date: Sun, 1 May 2022 13:41:31 -0700 Subject: [PATCH] nfsd: Add a sanity check to SecinfoNoname for file type Robert Morris reported that, for the case of SecinfoNoname with the Parent option, providing a non-directory could cause a crash. This patch adds a sanity check for v_type == VDIR for this case, to avoid the crash. Reported by: rtm@lcs.mit.edu PR: 260300 MFC after: 2 weeks --- sys/fs/nfsserver/nfs_nfsdserv.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/sys/fs/nfsserver/nfs_nfsdserv.c b/sys/fs/nfsserver/nfs_nfsdserv.c index 21d8fe05c0ad..3f896effd8ce 100644 --- a/sys/fs/nfsserver/nfs_nfsdserv.c +++ b/sys/fs/nfsserver/nfs_nfsdserv.c @@ -3822,6 +3822,11 @@ nfsrvd_secinfononame(struct nfsrv_descript *nd, int isdgram, fhstyle = fxdr_unsigned(int, *tl); switch (fhstyle) { case NFSSECINFONONAME_PARENT: + if (dp->v_type != VDIR) { + vput(dp); + nd->nd_repstat = NFSERR_NOTDIR; + goto nfsmout; + } NFSNAMEICNDSET(&named.ni_cnd, nd->nd_cred, LOOKUP, LOCKLEAF | SAVESTART); nfsvno_setpathbuf(&named, &bufp, &hashp);