Change the current working directory to be inside the jail created by

the jail(8) command. [10:04] Fix a one-NUL-byte buffer overflow in libopie. [10:05] Correctly sanity-check a buffer length in nfs mount. [10:06] Approved by: so (cperciva) Approved by: re (kensmith) Security: FreeBSD-SA-10:04.jail Security: FreeBSD-SA-10:05.opie Security: FreeBSD-SA-10:06.nfsclient
author: cperciva <cperciva@FreeBSD.org> 2010-05-27 03:15:04 +0000
committer: cperciva <cperciva@FreeBSD.org> 2010-05-27 03:15:04 +0000
commit: c8612ee587015f9d8700cd66f976c478b90c96eb (patch)
tree: bb411589baeeda79e1125d6ff01c0e7a1f95d350 /sys/nfsclient
parent: 24a8b9692fb6bf640d0b0d36774ebc871ad94410 (diff)
download: FreeBSD-src-c8612ee587015f9d8700cd66f976c478b90c96eb.zip
FreeBSD-src-c8612ee587015f9d8700cd66f976c478b90c96eb.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/sys/nfsclient/nfs_vfsops.c b/sys/nfsclient/nfs_vfsops.c
index a8f32da..a4ef316 100644
--- a/sys/nfsclient/nfs_vfsops.c
+++ b/sys/nfsclient/nfs_vfsops.c
@@ -1074,6 +1074,11 @@ nfs_mount(struct mount *mp)
 		error = EINVAL;
 		goto out;
 	}
+	if (args.fhsize < 0 || args.fhsize > NFSX_V3FHMAX) {
+		vfs_mount_error(mp, "Bad file handle");
+		error = EINVAL;
+		goto out;
+	}
 
 	if (mp->mnt_flag & MNT_UPDATE) {
 		struct nfsmount *nmp = VFSTONFS(mp);
author	cperciva <cperciva@FreeBSD.org>	2010-05-27 03:15:04 +0000
committer	cperciva <cperciva@FreeBSD.org>	2010-05-27 03:15:04 +0000
commit	c8612ee587015f9d8700cd66f976c478b90c96eb (patch)
tree	bb411589baeeda79e1125d6ff01c0e7a1f95d350 /sys/nfsclient
parent	24a8b9692fb6bf640d0b0d36774ebc871ad94410 (diff)
download	FreeBSD-src-c8612ee587015f9d8700cd66f976c478b90c96eb.zip FreeBSD-src-c8612ee587015f9d8700cd66f976c478b90c96eb.tar.gz