freebsd-nq/sys/kgssapi
Conrad Meyer 9d77679a40 kgssapi(4): Don't allow user-provided arguments to overrun stack buffer
An over-long path argument to gssd_syscall could overrun the stack sockaddr_un
buffer.  Fix gssd_syscall to not permit that.

If an over-long path is provided, gssd_syscall now returns EINVAL.

It looks like PRIV_NFS_DAEMON isn't granted anywhere, so my best guess is that
this is likely only triggerable by root.

Reported by:	Coverity
CID:		1006751
Sponsored by:	EMC / Isilon Storage Division
2016-04-20 05:02:13 +00:00
..
krb5
gss_accept_sec_context.c
gss_acquire_cred.c
gss_add_oid_set_member.c
gss_canonicalize_name.c
gss_create_empty_oid_set.c
gss_delete_sec_context.c
gss_display_status.c
gss_export_name.c
gss_get_mic.c
gss_impl.c kgssapi(4): Don't allow user-provided arguments to overrun stack buffer 2016-04-20 05:02:13 +00:00
gss_import_name.c
gss_init_sec_context.c
gss_names.c
gss_pname_to_uid.c
gss_release_buffer.c
gss_release_cred.c
gss_release_name.c
gss_release_oid_set.c
gss_set_cred_option.c
gss_test_oid_set_member.c
gss_unwrap.c
gss_verify_mic.c
gss_wrap_size_limit.c
gss_wrap.c
gssapi_impl.h
gssapi.h
gssd_prot.c
gssd.x
gsstest.c
kgss_if.m