When exporting a directory that is not a mountpoint, mountd repeatedly

removes the last path component until the mount() succeeds. However, the code never checks if it has passed the mountpoint, so in some cases where the mount() never succeeds, it can end up applying the flags from a mounted filesystem to the underlying one. Add a sanity check to the code which removes the last path component: test that the fsid associated with the new path is the same as that of the old one. PR: bin/7872
2001-04-22 21:50:30 +00:00 · 2001-04-22 21:50:30 +00:00 · 55cb071ae8
commit 55cb071ae8
parent 80f71bb682
2 changed files with 16 additions and 0 deletions
--- a/sbin/mountd/mountd.c
+++ b/sbin/mountd/mountd.c
@ -1734,6 +1734,7 @@ do_mount(ep, grp, exflags, anoncrp, dirp, dirplen, fsb)
 	int dirplen;
 	struct statfs *fsb;
 {
+	struct statfs fsb1;
 	struct addrinfo *ai;
 	struct export_args *eap;
 	char *cp = NULL;
@ -1835,6 +1836,13 @@ do_mount(ep, grp, exflags, anoncrp, dirp, dirplen, fsb)
 			}
 			savedc = *cp;
 			*cp = '\0';
+			/* Check that we're still on the same filesystem. */
+			if (statfs(dirp, &fsb1) != 0 || bcmp(&fsb1.f_fsid,
+			    &fsb->f_fsid, sizeof(fsb1.f_fsid)) != 0) {
+				*cp = savedc;
+				syslog(LOG_ERR, "can't export %s", dirp);
+				return (1);
+			}
 		}
 skip:
 		if (ai != NULL)
--- a/usr.sbin/mountd/mountd.c
+++ b/usr.sbin/mountd/mountd.c
@ -1734,6 +1734,7 @@ do_mount(ep, grp, exflags, anoncrp, dirp, dirplen, fsb)
 	int dirplen;
 	struct statfs *fsb;
 {
+	struct statfs fsb1;
 	struct addrinfo *ai;
 	struct export_args *eap;
 	char *cp = NULL;
@ -1835,6 +1836,13 @@ do_mount(ep, grp, exflags, anoncrp, dirp, dirplen, fsb)
 			}
 			savedc = *cp;
 			*cp = '\0';
+			/* Check that we're still on the same filesystem. */
+			if (statfs(dirp, &fsb1) != 0 || bcmp(&fsb1.f_fsid,
+			    &fsb->f_fsid, sizeof(fsb1.f_fsid)) != 0) {
+				*cp = savedc;
+				syslog(LOG_ERR, "can't export %s", dirp);
+				return (1);
+			}
 		}
 skip:
 		if (ai != NULL)