Date: Fri, 7 Nov 2008 10:43:01 +0000 (UTC) From: Doug Rabson <dfr@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r184744 - head/sys/nfsserver Message-ID: <200811071043.mA7Ah1jd081563@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: dfr Date: Fri Nov 7 10:43:01 2008 New Revision: 184744 URL: http://svn.freebsd.org/changeset/base/184744 Log: Range-check NFSv2 procedure numbers before converting to NFSv3. Submitted by: csjp Modified: head/sys/nfsserver/nfs_fha.c Modified: head/sys/nfsserver/nfs_fha.c ============================================================================== --- head/sys/nfsserver/nfs_fha.c Fri Nov 7 07:02:28 2008 (r184743) +++ head/sys/nfsserver/nfs_fha.c Fri Nov 7 10:43:01 2008 (r184744) @@ -180,11 +180,16 @@ fha_extract_info(struct svc_req *req, st i->locktype = LK_EXCLUSIVE; /* - * Extract the procnum and convert to v3 form if necessary. + * Extract the procnum and convert to v3 form if necessary, + * taking care to deal with out-of-range procnums. Caller will + * ensure that rq_vers is either 2 or 3. */ procnum = req->rq_proc; - if (!v3) + if (!v3) { + if (procnum > NFSV2PROC_STATFS) + goto out; procnum = nfsrv_nfsv3_procid[procnum]; + } /* * We do affinity for most. However, we divide a realm of affinity
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200811071043.mA7Ah1jd081563>