diff options
author | cperciva <cperciva@FreeBSD.org> | 2010-05-27 03:15:04 +0000 |
---|---|---|
committer | cperciva <cperciva@FreeBSD.org> | 2010-05-27 03:15:04 +0000 |
commit | c8612ee587015f9d8700cd66f976c478b90c96eb (patch) | |
tree | bb411589baeeda79e1125d6ff01c0e7a1f95d350 /sys/nfsclient | |
parent | 24a8b9692fb6bf640d0b0d36774ebc871ad94410 (diff) | |
download | FreeBSD-src-c8612ee587015f9d8700cd66f976c478b90c96eb.zip FreeBSD-src-c8612ee587015f9d8700cd66f976c478b90c96eb.tar.gz |
Change the current working directory to be inside the jail created by
the jail(8) command. [10:04]
Fix a one-NUL-byte buffer overflow in libopie. [10:05]
Correctly sanity-check a buffer length in nfs mount. [10:06]
Approved by: so (cperciva)
Approved by: re (kensmith)
Security: FreeBSD-SA-10:04.jail
Security: FreeBSD-SA-10:05.opie
Security: FreeBSD-SA-10:06.nfsclient
Diffstat (limited to 'sys/nfsclient')
-rw-r--r-- | sys/nfsclient/nfs_vfsops.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/sys/nfsclient/nfs_vfsops.c b/sys/nfsclient/nfs_vfsops.c index a8f32da..a4ef316 100644 --- a/sys/nfsclient/nfs_vfsops.c +++ b/sys/nfsclient/nfs_vfsops.c @@ -1074,6 +1074,11 @@ nfs_mount(struct mount *mp) error = EINVAL; goto out; } + if (args.fhsize < 0 || args.fhsize > NFSX_V3FHMAX) { + vfs_mount_error(mp, "Bad file handle"); + error = EINVAL; + goto out; + } if (mp->mnt_flag & MNT_UPDATE) { struct nfsmount *nmp = VFSTONFS(mp); |