Fix a bug that allows NFS clients to issue READDIR on files.

PR: kern/178016 Security: CVE-2013-3266 Security: FreeBSD-SA-13:05.nfsserver
author: des <des@FreeBSD.org> 2013-04-29 20:09:44 +0000
committer: des <des@FreeBSD.org> 2013-04-29 20:09:44 +0000
commit: 6cfe294dedc835f600fbdf81a4eebbd6aafe7099 (patch)
tree: 2e1bc4056e3d8c719b5313d978e2cf8e7427e5fb
parent: bb206a2f9fcaeb7032aae08a9f9577003340ee42 (diff)
download: FreeBSD-src-6cfe294dedc835f600fbdf81a4eebbd6aafe7099.zip
FreeBSD-src-6cfe294dedc835f600fbdf81a4eebbd6aafe7099.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/sys/fs/nfsserver/nfs_nfsdport.c b/sys/fs/nfsserver/nfs_nfsdport.c
index 92c35b2..84addcc 100644
--- a/sys/fs/nfsserver/nfs_nfsdport.c
+++ b/sys/fs/nfsserver/nfs_nfsdport.c
@@ -1574,6 +1574,8 @@ nfsrvd_readdir(struct nfsrv_descript *nd, int isdgram,
 			nd->nd_repstat = NFSERR_BAD_COOKIE;
 #endif
 	}
+	if (!nd->nd_repstat && vp->v_type != VDIR)
+		nd->nd_repstat = NFSERR_NOTDIR;
 	if (nd->nd_repstat == 0 && cnt == 0) {
 		if (nd->nd_flag & ND_NFSV2)
 			/* NFSv2 does not have NFSERR_TOOSMALL */
author	des <des@FreeBSD.org>	2013-04-29 20:09:44 +0000
committer	des <des@FreeBSD.org>	2013-04-29 20:09:44 +0000
commit	6cfe294dedc835f600fbdf81a4eebbd6aafe7099 (patch)
tree	2e1bc4056e3d8c719b5313d978e2cf8e7427e5fb
parent	bb206a2f9fcaeb7032aae08a9f9577003340ee42 (diff)
download	FreeBSD-src-6cfe294dedc835f600fbdf81a4eebbd6aafe7099.zip FreeBSD-src-6cfe294dedc835f600fbdf81a4eebbd6aafe7099.tar.gz