authorAlexander Bluhm <bluhm@cvs.openbsd.org>2019-01-18 13:59:19 +0000
committerAlexander Bluhm <bluhm@cvs.openbsd.org>2019-01-18 13:59:19 +0000
commita4381cfe77bf38f0a7ec867ce47a05b2778c4376 (patch)
tree40f0c67abac00e7c972f1adf9d440391f7bc2d81 /sys
parentd56258d58186dc64070f940dbe33ec9b20c4cc8c (diff)
Check for negative length in NFS strings. This affects both the
client and the server. OK beck@
Diffstat (limited to 'sys')
-rw-r--r--sys/nfs/nfsm_subs.h4
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/nfs/nfsm_subs.h b/sys/nfs/nfsm_subs.h
index 020997855f8..647fda5dba9 100644
--- a/sys/nfs/nfsm_subs.h
+++ b/sys/nfs/nfsm_subs.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: nfsm_subs.h,v 1.46 2018/07/09 07:50:28 krw Exp $ */
+/* $OpenBSD: nfsm_subs.h,v 1.47 2019/01/18 13:59:18 bluhm Exp $ */
/* $NetBSD: nfsm_subs.h,v 1.10 1996/03/20 21:59:56 fvdl Exp $ */
/*
@@ -173,7 +173,7 @@ struct nfsm_info {
#define nfsm_strsiz(s, m) { \
nfsm_dissect(tl, u_int32_t *,NFSX_UNSIGNED); \
- if (((s) = fxdr_unsigned(int32_t, *tl)) > (m)) { \
+ if (((s) = fxdr_unsigned(int32_t, *tl)) < 0 || (s) > (m)) { \
m_freem(info.nmi_mrep); \
error = EBADRPC; \
goto nfsmout; \
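Review bot: The new `< 0` test in `nfsm_strsiz` silently depends on the caller's `s` being a signed lvalue, and nothing in the macro says so; with an unsigned `s` that comparison is always false and the bound rests on `(s) > (m)` alone. Because the length is decoded from the RPC message and is therefore peer-controlled, I would state the contract in a comment above the `#define`, for example `/* Decode an XDR string length from the message into (s), a signed lvalue that is evaluated twice; values below 0 or above (m) fail with EBADRPC. */`. Other macros in this header that decode a length the same way are outside this hunk and are worth checking for the same missing lower bound. The macro body continues past the end of the hunk, so the closing braces are not visible here.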