diff options
author | rmacklem <rmacklem@FreeBSD.org> | 2012-02-07 16:32:43 +0000 |
---|---|---|
committer | rmacklem <rmacklem@FreeBSD.org> | 2012-02-07 16:32:43 +0000 |
commit | c9e28aac3f6b2f7f51bbbe2d4ce510349908e05f (patch) | |
tree | eeb525fca9a6c7b06b69abcafc731e60f50e0296 /sys/fs | |
parent | 554ffe3a63bca2215726a825296d5b1e0d851fda (diff) | |
download | FreeBSD-src-c9e28aac3f6b2f7f51bbbe2d4ce510349908e05f.zip FreeBSD-src-c9e28aac3f6b2f7f51bbbe2d4ce510349908e05f.tar.gz |
r228827 fixed a problem where copying of NFSv4 open credentials into
a credential structure would corrupt it. This happened when the
p argument was != NULL. However, I now realize that the copying of
open credentials should only happen for p == NULL, since that indicates
that it is a read-ahead or write-behind. This patch fixes this.
After this commit, r228827 could be reverted, but I think the code is
clearer and safer with the patch, so I am going to leave it in.
Without this patch, it was possible that a NFSv4 VOP_SETATTR() could have
changed the credentials of the caller. This would have happened if
the process doing the VOP_SETATTR() did not have the file open, but
some other process running as a different uid had the file open for writing
at the same time.
MFC after: 5 days
Diffstat (limited to 'sys/fs')
-rw-r--r-- | sys/fs/nfsclient/nfs_clstate.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/sys/fs/nfsclient/nfs_clstate.c b/sys/fs/nfsclient/nfs_clstate.c index 765b6b9..b54805d 100644 --- a/sys/fs/nfsclient/nfs_clstate.c +++ b/sys/fs/nfsclient/nfs_clstate.c @@ -559,8 +559,12 @@ nfscl_getstateid(vnode_t vp, u_int8_t *nfhp, int fhlen, u_int32_t mode, NFSUNLOCKCLSTATE(); return (ENOENT); } - /* for read aheads or write behinds, use the open cred */ - newnfs_copycred(&op->nfso_cred, cred); + /* + * For read aheads or write behinds, use the open cred. + * A read ahead or write behind is indicated by p == NULL. + */ + if (p == NULL) + newnfs_copycred(&op->nfso_cred, cred); } /* |