diff options
author | Constantine Sapuntzakis <csapuntz@cvs.openbsd.org> | 2001-07-27 05:43:18 +0000 |
---|---|---|
committer | Constantine Sapuntzakis <csapuntz@cvs.openbsd.org> | 2001-07-27 05:43:18 +0000 |
commit | 5800a67018214e91d6afb1ba94b170772760c709 (patch) | |
tree | bd1271be6ab4e1e27b69960c8cf4695be2099cbc /sys | |
parent | cafe155cac903d74c7928e5d61d7ece19a09fe03 (diff) |
Don't accept arbitrary size file handles as the kernel buffer we are copying
it into is fixed and on the stack
Diffstat (limited to 'sys')
-rw-r--r-- | sys/nfs/nfs_vfsops.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/sys/nfs/nfs_vfsops.c b/sys/nfs/nfs_vfsops.c index 1741948fd31..a6904781c9c 100644 --- a/sys/nfs/nfs_vfsops.c +++ b/sys/nfs/nfs_vfsops.c @@ -1,4 +1,4 @@ -/* $OpenBSD: nfs_vfsops.c,v 1.36 2001/06/30 08:35:27 csapuntz Exp $ */ +/* $OpenBSD: nfs_vfsops.c,v 1.37 2001/07/27 05:43:17 csapuntz Exp $ */ /* $NetBSD: nfs_vfsops.c,v 1.46.4.1 1996/05/25 22:40:35 fvdl Exp $ */ /* @@ -643,6 +643,8 @@ nfs_mount(mp, path, data, ndp, p) nfs_decode_args(nmp, &args, &mp->mnt_stat.mount_info.nfs_args); return (0); } + if (args.fhsize < 0 || args.fhsize > NFSX_V3FHMAX) + return (EINVAL); error = copyin((caddr_t)args.fh, (caddr_t)nfh, args.fhsize); if (error) return (error); |