Fix a number of server-side issues related to aborting badly formed NFS packets, mainly initializing structure pointers to NULL which are conditionally freed prior to return.

PR:		kern/15249
Submitted by:	Ian Dowse <iedowse@maths.tcd.ie>
dillon 1999-12-12 07:06:39 +00:00
parent 9c9d5f88d9
commit 08e8d78b50
7 changed files with 23 additions and 9 deletions


@ -1974,6 +1974,7 @@ nfsrv_fhtovp(fhp, lockflag, vpp, cred, slp, nam, rdonlyp, kerbflag, pubflag)
if (saddr->sin_family == AF_INET &&
ntohs(saddr->sin_port) >= IPPORT_RESERVED) {
vput(*vpp);
*vpp = NULL;
return (NFSERR_AUTHERR | AUTH_TOOWEAK);
}
}
@ -1984,10 +1985,12 @@ nfsrv_fhtovp(fhp, lockflag, vpp, cred, slp, nam, rdonlyp, kerbflag, pubflag)
if (exflags & MNT_EXKERB) {
if (!kerbflag) {
vput(*vpp);
*vpp = NULL;
return (NFSERR_AUTHERR | AUTH_TOOWEAK);
}
} else if (kerbflag) {
vput(*vpp);
*vpp = NULL;
return (NFSERR_AUTHERR | AUTH_TOOWEAK);
} else if (cred->cr_uid == 0 || (exflags & MNT_EXPORTANON)) {
cred->cr_uid = credanon->cr_uid;
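Review bot: The three AUTH_TOOWEAK exits in nfsrv_fhtovp now clear `*vpp` after `vput(*vpp)`, but nothing visible in these hunks records that callers depend on this. A handler that releases a non-NULL vp on its error path would otherwise drop the vnode reference twice, and these exits are reached whenever a request arrives from a non-reserved port or with an authentication flavour the export does not accept. I would state the contract above the function, e.g. `/* On any error return *vpp is NULL and no vnode reference is held. */`, and confirm that the failure returns outside these hunks also leave `*vpp` NULL. The function body starts and ends outside both hunks; the same two hunks recur in three later file sections on this page and the point applies to each copy.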


@ -769,8 +769,10 @@ nqnfsrv_getlease(nfsd, slp, procp, mrq)
nfsd->nd_duration = fxdr_unsigned(int, *tl);
error = nfsrv_fhtovp(fhp, 1, &vp, cred, slp, nam, &rdonly,
(nfsd->nd_flag & ND_KERBAUTH), TRUE);
if (error)
if (error) {
nfsm_reply(0);
goto nfsmout;
}
if (rdonly && flags == ND_WRITE) {
error = EROFS;
vput(vp);
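Review bot: The EROFS branch at the end of this hunk calls `vput(vp)` without clearing `vp`, which is the pattern the rest of this commit removes from nfsrv_fhtovp. The branch continues outside the hunk, so this is a question rather than a finding: if it reaches `nfsmout` and that label releases a non-NULL `vp`, the vnode would be released twice, and adding `vp = NULL;` after the `vput(vp);` would make it safe either way. The new `goto nfsmout` after a failed nfsrv_fhtovp likewise relies on `vp` being NULL at that point. The declaration of `vp` in nqnfsrv_getlease is not visible here, so it is worth confirming that it is initialised as in the other handlers touched by this commit.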


@ -249,7 +249,7 @@ nfsrv_getattr(nfsd, slp, procp, mrq)
register struct nfs_fattr *fp;
struct vattr va;
register struct vattr *vap = &va;
struct vnode *vp;
struct vnode *vp = NULL;
nfsfh_t nfh;
fhandle_t *fhp;
register u_int32_t *tl;
@ -453,7 +453,7 @@ nfsrv_lookup(nfsd, slp, procp, mrq)
struct ucred *cred = &nfsd->nd_cr;
register struct nfs_fattr *fp;
struct nameidata nd, ind, *ndp = &nd;
struct vnode *vp, *dirp;
struct vnode *vp, *dirp = NULL;
nfsfh_t nfh;
fhandle_t *fhp;
register caddr_t cp;
@ -775,7 +775,7 @@ nfsrv_read(nfsd, slp, procp, mrq)
char *cp2;
struct mbuf *mb, *mb2, *mreq;
struct mbuf *m2;
struct vnode *vp;
struct vnode *vp = NULL;
nfsfh_t nfh;
fhandle_t *fhp;
struct uio io, *uiop = &io;
@ -1168,7 +1168,7 @@ nfsrv_writegather(ndp, slp, procp, mrq)
int ioflags, aftat_ret = 1, s, adjust, v3, zeroing;
char *cp2;
struct mbuf *mb, *mb2, *mreq, *mrep, *md;
struct vnode *vp;
struct vnode *vp = NULL;
struct uio io, *uiop = &io;
u_quad_t frev, cur_usec;
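Review bot: In the nfsrv_lookup hunk the new declaration `struct vnode *vp, *dirp = NULL;` initialises only `dirp`; the initialiser does not apply to `vp`, which stays indeterminate, whereas nfsrv_getattr, nfsrv_read and nfsrv_writegather all get `vp = NULL`. The function bodies are outside these hunks, so I cannot tell whether nfsrv_lookup's abort path ever examines `vp`, but if it does the declaration should read `struct vnode *vp = NULL, *dirp = NULL;`. A short comment beside each initialiser, such as `/* NULL until a reference is held; conditionally released before return */`, would tell the next reader why the NULL matters. The same four hunks appear again in a later file section on this page.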


@ -1974,6 +1974,7 @@ nfsrv_fhtovp(fhp, lockflag, vpp, cred, slp, nam, rdonlyp, kerbflag, pubflag)
if (saddr->sin_family == AF_INET &&
ntohs(saddr->sin_port) >= IPPORT_RESERVED) {
vput(*vpp);
*vpp = NULL;
return (NFSERR_AUTHERR | AUTH_TOOWEAK);
}
}
@ -1984,10 +1985,12 @@ nfsrv_fhtovp(fhp, lockflag, vpp, cred, slp, nam, rdonlyp, kerbflag, pubflag)
if (exflags & MNT_EXKERB) {
if (!kerbflag) {
vput(*vpp);
*vpp = NULL;
return (NFSERR_AUTHERR | AUTH_TOOWEAK);
}
} else if (kerbflag) {
vput(*vpp);
*vpp = NULL;
return (NFSERR_AUTHERR | AUTH_TOOWEAK);
} else if (cred->cr_uid == 0 || (exflags & MNT_EXPORTANON)) {
cred->cr_uid = credanon->cr_uid;


@ -1974,6 +1974,7 @@ nfsrv_fhtovp(fhp, lockflag, vpp, cred, slp, nam, rdonlyp, kerbflag, pubflag)
if (saddr->sin_family == AF_INET &&
ntohs(saddr->sin_port) >= IPPORT_RESERVED) {
vput(*vpp);
*vpp = NULL;
return (NFSERR_AUTHERR | AUTH_TOOWEAK);
}
}
@ -1984,10 +1985,12 @@ nfsrv_fhtovp(fhp, lockflag, vpp, cred, slp, nam, rdonlyp, kerbflag, pubflag)
if (exflags & MNT_EXKERB) {
if (!kerbflag) {
vput(*vpp);
*vpp = NULL;
return (NFSERR_AUTHERR | AUTH_TOOWEAK);
}
} else if (kerbflag) {
vput(*vpp);
*vpp = NULL;
return (NFSERR_AUTHERR | AUTH_TOOWEAK);
} else if (cred->cr_uid == 0 || (exflags & MNT_EXPORTANON)) {
cred->cr_uid = credanon->cr_uid;


@ -249,7 +249,7 @@ nfsrv_getattr(nfsd, slp, procp, mrq)
register struct nfs_fattr *fp;
struct vattr va;
register struct vattr *vap = &va;
struct vnode *vp;
struct vnode *vp = NULL;
nfsfh_t nfh;
fhandle_t *fhp;
register u_int32_t *tl;
@ -453,7 +453,7 @@ nfsrv_lookup(nfsd, slp, procp, mrq)
struct ucred *cred = &nfsd->nd_cr;
register struct nfs_fattr *fp;
struct nameidata nd, ind, *ndp = &nd;
struct vnode *vp, *dirp;
struct vnode *vp, *dirp = NULL;
nfsfh_t nfh;
fhandle_t *fhp;
register caddr_t cp;
@ -775,7 +775,7 @@ nfsrv_read(nfsd, slp, procp, mrq)
char *cp2;
struct mbuf *mb, *mb2, *mreq;
struct mbuf *m2;
struct vnode *vp;
struct vnode *vp = NULL;
nfsfh_t nfh;
fhandle_t *fhp;
struct uio io, *uiop = &io;
@ -1168,7 +1168,7 @@ nfsrv_writegather(ndp, slp, procp, mrq)
int ioflags, aftat_ret = 1, s, adjust, v3, zeroing;
char *cp2;
struct mbuf *mb, *mb2, *mreq, *mrep, *md;
struct vnode *vp;
struct vnode *vp = NULL;
struct uio io, *uiop = &io;
u_quad_t frev, cur_usec;


@ -1974,6 +1974,7 @@ nfsrv_fhtovp(fhp, lockflag, vpp, cred, slp, nam, rdonlyp, kerbflag, pubflag)
if (saddr->sin_family == AF_INET &&
ntohs(saddr->sin_port) >= IPPORT_RESERVED) {
vput(*vpp);
*vpp = NULL;
return (NFSERR_AUTHERR | AUTH_TOOWEAK);
}
}
@ -1984,10 +1985,12 @@ nfsrv_fhtovp(fhp, lockflag, vpp, cred, slp, nam, rdonlyp, kerbflag, pubflag)
if (exflags & MNT_EXKERB) {
if (!kerbflag) {
vput(*vpp);
*vpp = NULL;
return (NFSERR_AUTHERR | AUTH_TOOWEAK);
}
} else if (kerbflag) {
vput(*vpp);
*vpp = NULL;
return (NFSERR_AUTHERR | AUTH_TOOWEAK);
} else if (cred->cr_uid == 0 || (exflags & MNT_EXPORTANON)) {
cred->cr_uid = credanon->cr_uid;