From 8cd50d6fdf12d1fb65860a249d0a5e9a2b065996 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <millert@cvs.openbsd.org>
Date: Mon, 21 Jan 2002 18:50:46 +0000
Subject: Mount points must fit in MNAMELEN, not MAXPATHLEN so use copyinstr()
 to detect whether the path passed in from userland is too long. Based on a
 patch from peterw AT ifost.org.au.

---
 sys/kern/vfs_syscalls.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

(limited to 'sys/kern')

diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c
index bacf1ff55d3..d888d8ddd75 100644
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: vfs_syscalls.c,v 1.85 2002/01/18 01:36:29 mickey Exp $	*/
+/*	$OpenBSD: vfs_syscalls.c,v 1.86 2002/01/21 18:50:45 millert Exp $	*/
 /*	$NetBSD: vfs_syscalls.c,v 1.71 1996/04/23 10:29:02 mycroft Exp $	*/
 
 /*
@@ -105,6 +105,7 @@ sys_mount(p, v, retval)
 	u_long fstypenum = 0;
 #endif
 	char fstypename[MFSNAMELEN];
+	char fspath[MNAMELEN];
 	struct vattr va;
 	struct nameidata nd;
 	struct vfsconf *vfsp;
@@ -113,11 +114,17 @@ sys_mount(p, v, retval)
 	if (usermount == 0 && (error = suser(p->p_ucred, &p->p_acflag)))
 		return (error);
 
+	/*
+	 * Mount points must fit in MNAMELEN, not MAXPATHLEN.
+	 */
+	error = copyinstr(SCARG(uap, path), fspath, MNAMELEN, NULL);
+	if (error)
+		return(error);
+
 	/*
 	 * Get vnode to be covered
 	 */
-	NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_USERSPACE,
-	    SCARG(uap, path), p);
+	NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_SYSSPACE, fspath, p);
 	if ((error = namei(&nd)) != 0)
 		return (error);
 	vp = nd.ni_vp;
-- 
cgit v1.2.3