diff options
| author | dfr <dfr@FreeBSD.org> | 2008-11-07 10:43:01 +0000 |
|---|---|---|
| committer | dfr <dfr@FreeBSD.org> | 2008-11-07 10:43:01 +0000 |
| commit | cc925302a0ddcc23b001074e8f91e9823907d713 (patch) | |
| tree | 95e095f1aee0027aa1c519cb127aa850eebe3684 /sys/nfsserver | |
| parent | 41e01818b6103ed6b5a28621a05b3fd57751ee6f (diff) | |
| download | FreeBSD-src-cc925302a0ddcc23b001074e8f91e9823907d713.zip FreeBSD-src-cc925302a0ddcc23b001074e8f91e9823907d713.tar.gz | |
Range-check NFSv2 procedure numbers before converting to NFSv3.
Submitted by: csjp
Diffstat (limited to 'sys/nfsserver')
| -rw-r--r-- | sys/nfsserver/nfs_fha.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/sys/nfsserver/nfs_fha.c b/sys/nfsserver/nfs_fha.c index a2e4ca3..66e1d3f 100644 --- a/sys/nfsserver/nfs_fha.c +++ b/sys/nfsserver/nfs_fha.c @@ -180,11 +180,16 @@ fha_extract_info(struct svc_req *req, struct fha_info *i) i->locktype = LK_EXCLUSIVE; /* - * Extract the procnum and convert to v3 form if necessary. + * Extract the procnum and convert to v3 form if necessary, + * taking care to deal with out-of-range procnums. Caller will + * ensure that rq_vers is either 2 or 3. */ procnum = req->rq_proc; - if (!v3) + if (!v3) { + if (procnum > NFSV2PROC_STATFS) + goto out; procnum = nfsrv_nfsv3_procid[procnum]; + } /* * We do affinity for most. However, we divide a realm of affinity |
