diff options
| author | Todd C. Miller <millert@cvs.openbsd.org> | 1996-12-05 23:14:28 +0000 |
|---|---|---|
| committer | Todd C. Miller <millert@cvs.openbsd.org> | 1996-12-05 23:14:28 +0000 |
| commit | 8405e7658d7368a311415bc86a47864a0e38d12b (patch) | |
| tree | 11c961a416f345973d151605d19b7e33c2fa5619 /sbin/mountd | |
| parent | 5c988ed986aeb81c1890289158196a98c9af6730 (diff) | |
Stop info gathering attack pointed out by Alan Cox <alan@cymru.net>
Only return ENOENT if the dir trying to be mounted is really exported
to the client. Return EACCESS if not exported.
Diffstat (limited to 'sbin/mountd')
| -rw-r--r-- | sbin/mountd/mountd.c | 23 |
1 files changed, 14 insertions, 9 deletions
diff --git a/sbin/mountd/mountd.c b/sbin/mountd/mountd.c index 9c69a7fd929..b43d3f80c7e 100644 --- a/sbin/mountd/mountd.c +++ b/sbin/mountd/mountd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mountd.c,v 1.11 1996/09/28 05:47:42 downsj Exp $ */ +/* $OpenBSD: mountd.c,v 1.12 1996/12/05 23:14:27 millert Exp $ */ /* $NetBSD: mountd.c,v 1.31 1996/02/18 11:57:53 fvdl Exp $ */ /* @@ -336,7 +336,7 @@ mntsrv(rqstp, transp) u_long saddr; u_short sport; char rpcpath[RPCMNT_PATHLEN+1], dirpath[MAXPATHLEN]; - long bad = ENOENT; + long bad = 0; int defset, hostset; sigset_t sighup_mask; @@ -371,9 +371,7 @@ mntsrv(rqstp, transp) chdir("/"); /* Just in case realpath doesn't */ if (debug) fprintf(stderr, "stat failed on %s\n", dirpath); - if (!svc_sendreply(transp, xdr_long, (caddr_t)&bad)) - syslog(LOG_ERR, "Can't send reply"); - return; + bad = ENOENT; /* We will send error reply later */ } /* Check in the exports list */ @@ -385,6 +383,13 @@ mntsrv(rqstp, transp) chk_host(dp, saddr, &defset, &hostset)) || (defset && scan_tree(ep->ex_defdir, saddr) == 0 && scan_tree(ep->ex_dirl, saddr) == 0))) { + if (bad) { + if (!svc_sendreply(transp, xdr_long, + (caddr_t)&bad)) + syslog(LOG_ERR, "Can't send reply"); + sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL); + return; + } if (hostset & DP_HOSTSET) fhr.fhr_flag = hostset; else @@ -413,11 +418,11 @@ mntsrv(rqstp, transp) dirpath); if (debug) fprintf(stderr,"Mount successful.\n"); - } else { + } else bad = EACCES; - if (!svc_sendreply(transp, xdr_long, (caddr_t)&bad)) - syslog(LOG_ERR, "Can't send reply"); - } + + if (bad && !svc_sendreply(transp, xdr_long, (caddr_t)&bad)) + syslog(LOG_ERR, "Can't send reply"); sigprocmask(SIG_UNBLOCK, &sighup_mask, NULL); return; case RPCMNT_DUMP: |