Add a sanity check for the existence of an "addr" option

to both NFS clients. This avoids the crash reported by
Sergey Kandaurov (pluknet@gmail.com) to the freebsd-fs@
list with subject "[old nfsclient] different nmount()
args passed from mount vs mount_nfs" dated May 17, 2011.

Tested by:	pluknet at gmail.com (old nfs client)
MFC after:	2 weeks

2 files changed, 17 insertions, 7 deletions

diff --git a/sys/fs/nfsclient/nfs_clvfsops.c b/sys/fs/nfsclient/nfs_clvfsops.c
index b062d2c..8dc5b0b 100644
--- a/sys/fs/nfsclient/nfs_clvfsops.c
+++ b/sys/fs/nfsclient/nfs_clvfsops.c
@@ -1079,15 +1079,21 @@ nfs_mount(struct mount *mp)
 		dirpath[0] = '\0';
 	dirlen = strlen(dirpath);
 
-	if (has_nfs_args_opt == 0 && vfs_getopt(mp->mnt_optnew, "addr",
-	    (void **)&args.addr, &args.addrlen) == 0) {
-		if (args.addrlen > SOCK_MAXADDRLEN) {
-			error = ENAMETOOLONG;
+	if (has_nfs_args_opt == 0) {
+		if (vfs_getopt(mp->mnt_optnew, "addr",
+		    (void **)&args.addr, &args.addrlen) == 0) {
+			if (args.addrlen > SOCK_MAXADDRLEN) {
+				error = ENAMETOOLONG;
+				goto out;
+			}
+			nam = malloc(args.addrlen, M_SONAME, M_WAITOK);
+			bcopy(args.addr, nam, args.addrlen);
+			nam->sa_len = args.addrlen;
+		} else {
+			vfs_mount_error(mp, "No server address");
+			error = EINVAL;
 			goto out;
 		}
-		nam = malloc(args.addrlen, M_SONAME, M_WAITOK);
-		bcopy(args.addr, nam, args.addrlen);
-		nam->sa_len = args.addrlen;
 	}
 
 	args.fh = nfh;
diff --git a/sys/nfsclient/nfs_vfsops.c b/sys/nfsclient/nfs_vfsops.c
index 04fd375..79659d0 100644
--- a/sys/nfsclient/nfs_vfsops.c
+++ b/sys/nfsclient/nfs_vfsops.c
@@ -1149,6 +1149,10 @@ nfs_mount(struct mount *mp)
 				goto out;
 			}
 		}
+	} else if (has_addr_opt == 0) {
+		vfs_mount_error(mp, "No server address");
+		error = EINVAL;
+		goto out;
 	}
 	error = mountnfs(&args, mp, nam, args.hostname, &vp,
 	    curthread->td_ucred, negnametimeo);