Date: Wed, 15 Dec 2021 01:26:53 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 260412] NFS v4 client crash if server sends a second CB_SEQUENCE with wild slotid Message-ID: <bug-260412-227-yrY6Hr4wSn@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-260412-227@https.bugs.freebsd.org/bugzilla/> References: <bug-260412-227@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D260412 Rick Macklem <rmacklem@FreeBSD.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|New |Open Assignee|bugs@FreeBSD.org |rmacklem@FreeBSD.org --- Comment #1 from Rick Macklem <rmacklem@FreeBSD.org> --- Created attachment 230127 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D230127&action= =3Dedit check for cbsequence not first op at the beginning of processing This patch should stop the crashes. It moves the check for "not first op" to the beginning of CB_Sequence processing. It also fixes a couple of other things: - Adds a sanity check for a large taglen. - Moves the check for "no cbsequence" to the beginning of op processing, since the check was in some CB ops, but not all of them. Maybe the reporter can confirm it fixes the problem for them? --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-260412-227-yrY6Hr4wSn>