Date: Tue, 7 Jun 2016 20:00:20 +0000 (UTC)
From: "Conrad E. Meyer" <cem@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r301564 - head/sys/fs/nfsclient
Message-ID: <201606072000.u57K0KN0031328@repo.freebsd.org>
Author: cem Date: Tue Jun 7 20:00:20 2016 New Revision: 301564 URL: https://svnweb.freebsd.org/changeset/base/301564 Log: nfs_clvfsops: Prevent strdup of stack garbage with bogus mount specs If strlen(hostp) was zero, the stack array 'nam' would never be initialized before being strdup()ed. Fix this by initializing it to the empty string. It's possible some external condition makes this case impossible, in which case, an assertion instead of this workaround is appropriate. Introduced in r299848. Reported by: Coverity CID: 1355336 Sponsored by: EMC / Isilon Storage Division Modified: head/sys/fs/nfsclient/nfs_clvfsops.c Modified: head/sys/fs/nfsclient/nfs_clvfsops.c ============================================================================== --- head/sys/fs/nfsclient/nfs_clvfsops.c Tue Jun 7 19:49:08 2016 (r301563) +++ head/sys/fs/nfsclient/nfs_clvfsops.c Tue Jun 7 20:00:20 2016 (r301564) @@ -806,7 +806,8 @@ nfs_mount_parse_from(struct vfsoptlist * nam[len + offset++] = ':'; memmove(nam + len + offset, spec, speclen); nam[len + speclen + offset] = '\0'; - } + } else + nam[0] = '\0'; /* * XXX: IPv6
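Review bot: The new `else` branch (`nam[0] = '\0';`) turns the zero-length host case described in the log into an empty name that is still carried forward to the strdup(), so a bogus mount spec is accepted silently instead of being rejected. If an empty host is never valid at this point, consider returning an error from this branch, or asserting as the log message suggests if the case is unreachable, and add a one-line comment stating which of the two applies so the next reader does not have to consult the commit log. Minor style point: the first arm is closed with a brace while the `else` arm is unbraced; writing it as `} else {` with a closing brace would keep both arms consistent and make a later second statement in the `else` safe.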