From owner-svn-src-all@freebsd.org  Tue Jun  7 20:00:21 2016
Return-Path: <owner-svn-src-all@freebsd.org>
Delivered-To: svn-src-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9DC5FB6DA62;
 Tue,  7 Jun 2016 20:00:21 +0000 (UTC) (envelope-from cem@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 6BA2518DA;
 Tue,  7 Jun 2016 20:00:21 +0000 (UTC) (envelope-from cem@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u57K0KGv031329;
 Tue, 7 Jun 2016 20:00:20 GMT (envelope-from cem@FreeBSD.org)
Received: (from cem@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id u57K0KN0031328;
 Tue, 7 Jun 2016 20:00:20 GMT (envelope-from cem@FreeBSD.org)
Message-Id: <201606072000.u57K0KN0031328@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: cem set sender to cem@FreeBSD.org
 using -f
From: "Conrad E. Meyer" <cem@FreeBSD.org>
Date: Tue, 7 Jun 2016 20:00:20 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r301564 - head/sys/fs/nfsclient
X-SVN-Group: head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
 user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all/>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Jun 2016 20:00:21 -0000

Author: cem
Date: Tue Jun  7 20:00:20 2016
New Revision: 301564
URL: https://svnweb.freebsd.org/changeset/base/301564

Log:
  nfs_clvfsops: Prevent strdup of stack garbage with bogus mount specs
  
  If strlen(hostp) was zero, the stack array 'nam' would never be initialized
  before being strdup()ed.  Fix this by initializing it to the empty string.
  
  It's possible some external condition makes this case impossible, in which
  case, an assertion instead of this workaround is appropriate.
  
  Introduced in r299848.
  
  Reported by:	Coverity
  CID:		1355336
  Sponsored by:	EMC / Isilon Storage Division

Modified:
  head/sys/fs/nfsclient/nfs_clvfsops.c

Modified: head/sys/fs/nfsclient/nfs_clvfsops.c
==============================================================================
--- head/sys/fs/nfsclient/nfs_clvfsops.c	Tue Jun  7 19:49:08 2016	(r301563)
+++ head/sys/fs/nfsclient/nfs_clvfsops.c	Tue Jun  7 20:00:20 2016	(r301564)
@@ -806,7 +806,8 @@ nfs_mount_parse_from(struct vfsoptlist *
 		nam[len + offset++] = ':';
 		memmove(nam + len + offset, spec, speclen);
 		nam[len + speclen + offset] = '\0';
-	}
+	} else
+		nam[0] = '\0';
 
 	/*
 	 * XXX: IPv6