d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Do not access memory past the buffer end.

Browse Source 
Do not accept and silently truncate too long hostname.

Reported and tested by:	pho
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
This commit is contained in:
Konstantin Belousov 2017-02-16 06:36:16 +00:00
parent 599009e261
commit bd1623def1
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
sys/fs/nfsclient/nfs_clvfsops.c
View File

@ -1270,8 +1270,13 @@ nfs_mount(struct mount *mp)
error = EINVAL;
goto out;
}
bcopy(args.hostname, hst, MNAMELEN);
hst[MNAMELEN - 1] = '\0';
if (len >= MNAMELEN) {
vfs_mount_error(mp, "Hostname too long");
error = EINVAL;
goto out;
}
bcopy(args.hostname, hst, len);
hst[len] = '\0';
}
if (vfs_getopt(mp->mnt_optnew, "principal", (void **)&name, NULL) == 0)