summaryrefslogtreecommitdiffstats
path: root/sbin
diff options
context:
space:
mode:
authorguido <guido@FreeBSD.org>1997-08-29 19:22:28 +0000
committerguido <guido@FreeBSD.org>1997-08-29 19:22:28 +0000
commit175058b2d14f3b2427bfd5337c6723835ed23736 (patch)
tree5bbd450300d4816aebc418e1bc2b2577e3352521 /sbin
parent13fe237edc09b0964851ff000267e07797dff742 (diff)
downloadFreeBSD-src-175058b2d14f3b2427bfd5337c6723835ed23736.zip
FreeBSD-src-175058b2d14f3b2427bfd5337c6723835ed23736.tar.gz
Plug info agthering attack as pointed out on Bugtraq recently.
Obtained from: OpenBSD
Diffstat (limited to 'sbin')
-rw-r--r--sbin/mountd/mountd.c23
1 files changed, 14 insertions, 9 deletions
diff --git a/sbin/mountd/mountd.c b/sbin/mountd/mountd.c
index 7dadb1f..38ead40 100644
--- a/sbin/mountd/mountd.c
+++ b/sbin/mountd/mountd.c
@@ -43,7 +43,7 @@ static char copyright[] =
#ifndef lint
/*static char sccsid[] = "@(#)mountd.c 8.15 (Berkeley) 5/1/95"; */
static const char rcsid[] =
- "$Id: mountd.c,v 1.21 1997/04/30 18:40:12 pst Exp $";
+ "$Id: mountd.c,v 1.22 1997/07/16 09:27:53 dfr Exp $";
#endif /*not lint*/
#include <sys/param.h>
@@ -374,7 +374,7 @@ mntsrv(rqstp, transp)
u_long saddr;
u_short sport;
char rpcpath[RPCMNT_PATHLEN + 1], dirpath[MAXPATHLEN];
- int bad = ENOENT, defset, hostset;
+ int bad = 0, defset, hostset;
sigset_t sighup_mask;
sigemptyset(&sighup_mask);
@@ -410,9 +410,7 @@ mntsrv(rqstp, transp)
chdir("/"); /* Just in case realpath doesn't */
if (debug)
fprintf(stderr, "stat failed on %s\n", dirpath);
- if (!svc_sendreply(transp, xdr_long, (caddr_t)&bad))
- syslog(LOG_ERR, "Can't send reply");
- return;
+ bad = ENOENT; /* We will send error reply later */
}
/* Check in the exports list */
@@ -424,6 +422,13 @@ mntsrv(rqstp, transp)
chk_host(dp, saddr, &defset, &hostset)) ||
(defset && scan_tree(ep->ex_defdir, saddr) == 0 &&
scan_tree(ep->ex_dirl, saddr) == 0))) {
+ if (bad) {
+ if (!svc_sendreply(transp, xdr_long,
+ (caddr_t)&bad))
+ syslog(LOG_ERR, "Can't send reply");
+ sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL);
+ return;
+ }
if (hostset & DP_HOSTSET)
fhr.fhr_flag = hostset;
else
@@ -452,11 +457,11 @@ mntsrv(rqstp, transp)
dirpath);
if (debug)
fprintf(stderr,"Mount successfull.\n");
- } else {
+ } else
bad = EACCES;
- if (!svc_sendreply(transp, xdr_long, (caddr_t)&bad))
- syslog(LOG_ERR, "Can't send reply");
- }
+
+ if (bad && !svc_sendreply(transp, xdr_long, (caddr_t)&bad))
+ syslog(LOG_ERR, "Can't send reply");
sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL);
return;
case RPCMNT_DUMP:
OpenPOWER on IntegriCloud