Correct a remote kernel panic when processing zero-length RPC records

via TCP. [06:10] Security: FreeBSD-SA-06:10.nfs Approved by: cperciva
author: simon <simon@FreeBSD.org> 2006-03-01 14:17:32 +0000
committer: simon <simon@FreeBSD.org> 2006-03-01 14:17:32 +0000
commit: 1b31e5fc10af56b71e0636186451840a46c3fe03 (patch)
tree: 147337fb2ac27de625b256c2d0a2544178f118d4 /sys/nfsserver
parent: 8d6d9efea21efa48fe2a41ecffba3cb4edf6eed8 (diff)
download: FreeBSD-src-1b31e5fc10af56b71e0636186451840a46c3fe03.zip
FreeBSD-src-1b31e5fc10af56b71e0636186451840a46c3fe03.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/nfsserver/nfs_srvsock.c b/sys/nfsserver/nfs_srvsock.c
index b17474c..50c7cbf 100644
--- a/sys/nfsserver/nfs_srvsock.c
+++ b/sys/nfsserver/nfs_srvsock.c
@@ -592,7 +592,7 @@ nfsrv_getstream(struct nfssvc_sock *slp, int waitflag)
 			slp->ns_flag |= SLP_LASTFRAG;
 		else
 			slp->ns_flag &= ~SLP_LASTFRAG;
-		if (slp->ns_reclen > NFS_MAXPACKET) {
+		if (slp->ns_reclen > NFS_MAXPACKET || slp->ns_reclen <= 0) {
 			slp->ns_flag &= ~SLP_GETSTREAM;
 			return (EPERM);
 		}
author	simon <simon@FreeBSD.org>	2006-03-01 14:17:32 +0000
committer	simon <simon@FreeBSD.org>	2006-03-01 14:17:32 +0000
commit	1b31e5fc10af56b71e0636186451840a46c3fe03 (patch)
tree	147337fb2ac27de625b256c2d0a2544178f118d4 /sys/nfsserver
parent	8d6d9efea21efa48fe2a41ecffba3cb4edf6eed8 (diff)
download	FreeBSD-src-1b31e5fc10af56b71e0636186451840a46c3fe03.zip FreeBSD-src-1b31e5fc10af56b71e0636186451840a46c3fe03.tar.gz