diff options
author | guido <guido@FreeBSD.org> | 1997-08-29 19:22:28 +0000 |
---|---|---|
committer | guido <guido@FreeBSD.org> | 1997-08-29 19:22:28 +0000 |
commit | 175058b2d14f3b2427bfd5337c6723835ed23736 (patch) | |
tree | 5bbd450300d4816aebc418e1bc2b2577e3352521 /sbin | |
parent | 13fe237edc09b0964851ff000267e07797dff742 (diff) | |
download | FreeBSD-src-175058b2d14f3b2427bfd5337c6723835ed23736.zip FreeBSD-src-175058b2d14f3b2427bfd5337c6723835ed23736.tar.gz |
Plug info agthering attack as pointed out on Bugtraq recently.
Obtained from: OpenBSD
Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/mountd/mountd.c | 23 |
1 files changed, 14 insertions, 9 deletions
diff --git a/sbin/mountd/mountd.c b/sbin/mountd/mountd.c index 7dadb1f..38ead40 100644 --- a/sbin/mountd/mountd.c +++ b/sbin/mountd/mountd.c @@ -43,7 +43,7 @@ static char copyright[] = #ifndef lint /*static char sccsid[] = "@(#)mountd.c 8.15 (Berkeley) 5/1/95"; */ static const char rcsid[] = - "$Id: mountd.c,v 1.21 1997/04/30 18:40:12 pst Exp $"; + "$Id: mountd.c,v 1.22 1997/07/16 09:27:53 dfr Exp $"; #endif /*not lint*/ #include <sys/param.h> @@ -374,7 +374,7 @@ mntsrv(rqstp, transp) u_long saddr; u_short sport; char rpcpath[RPCMNT_PATHLEN + 1], dirpath[MAXPATHLEN]; - int bad = ENOENT, defset, hostset; + int bad = 0, defset, hostset; sigset_t sighup_mask; sigemptyset(&sighup_mask); @@ -410,9 +410,7 @@ mntsrv(rqstp, transp) chdir("/"); /* Just in case realpath doesn't */ if (debug) fprintf(stderr, "stat failed on %s\n", dirpath); - if (!svc_sendreply(transp, xdr_long, (caddr_t)&bad)) - syslog(LOG_ERR, "Can't send reply"); - return; + bad = ENOENT; /* We will send error reply later */ } /* Check in the exports list */ @@ -424,6 +422,13 @@ mntsrv(rqstp, transp) chk_host(dp, saddr, &defset, &hostset)) || (defset && scan_tree(ep->ex_defdir, saddr) == 0 && scan_tree(ep->ex_dirl, saddr) == 0))) { + if (bad) { + if (!svc_sendreply(transp, xdr_long, + (caddr_t)&bad)) + syslog(LOG_ERR, "Can't send reply"); + sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL); + return; + } if (hostset & DP_HOSTSET) fhr.fhr_flag = hostset; else @@ -452,11 +457,11 @@ mntsrv(rqstp, transp) dirpath); if (debug) fprintf(stderr,"Mount successfull.\n"); - } else { + } else bad = EACCES; - if (!svc_sendreply(transp, xdr_long, (caddr_t)&bad)) - syslog(LOG_ERR, "Can't send reply"); - } + + if (bad && !svc_sendreply(transp, xdr_long, (caddr_t)&bad)) + syslog(LOG_ERR, "Can't send reply"); sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL); return; case RPCMNT_DUMP: |