summaryrefslogtreecommitdiff
path: root/sys
diff options
context:
space:
mode:
authorConstantine Sapuntzakis <csapuntz@cvs.openbsd.org>2001-07-27 05:43:18 +0000
committerConstantine Sapuntzakis <csapuntz@cvs.openbsd.org>2001-07-27 05:43:18 +0000
commit5800a67018214e91d6afb1ba94b170772760c709 (patch)
treebd1271be6ab4e1e27b69960c8cf4695be2099cbc /sys
parentcafe155cac903d74c7928e5d61d7ece19a09fe03 (diff)
Don't accept arbitrary size file handles as the kernel buffer we are copying
it into is fixed and on the stack
Diffstat (limited to 'sys')
-rw-r--r--sys/nfs/nfs_vfsops.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/sys/nfs/nfs_vfsops.c b/sys/nfs/nfs_vfsops.c
index 1741948fd31..a6904781c9c 100644
--- a/sys/nfs/nfs_vfsops.c
+++ b/sys/nfs/nfs_vfsops.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: nfs_vfsops.c,v 1.36 2001/06/30 08:35:27 csapuntz Exp $ */
+/* $OpenBSD: nfs_vfsops.c,v 1.37 2001/07/27 05:43:17 csapuntz Exp $ */
/* $NetBSD: nfs_vfsops.c,v 1.46.4.1 1996/05/25 22:40:35 fvdl Exp $ */
/*
@@ -643,6 +643,8 @@ nfs_mount(mp, path, data, ndp, p)
nfs_decode_args(nmp, &args, &mp->mnt_stat.mount_info.nfs_args);
return (0);
}
+ if (args.fhsize < 0 || args.fhsize > NFSX_V3FHMAX)
+ return (EINVAL);
error = copyin((caddr_t)args.fh, (caddr_t)nfh, args.fhsize);
if (error)
return (error);