From owner-svn-src-all@FreeBSD.ORG Sun Feb 5 10:59:50 2012 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E8E17106566B; Sun, 5 Feb 2012 10:59:50 +0000 (UTC) (envelope-from mm@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id D7F458FC0C; Sun, 5 Feb 2012 10:59:50 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q15AxoWG079846; Sun, 5 Feb 2012 10:59:50 GMT (envelope-from mm@svn.freebsd.org) Received: (from mm@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q15AxoaY079844; Sun, 5 Feb 2012 10:59:50 GMT (envelope-from mm@svn.freebsd.org) Message-Id: <201202051059.q15AxoaY079844@svn.freebsd.org> From: Martin Matuska Date: Sun, 5 Feb 2012 10:59:50 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r231012 - head/sys/kern X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 Feb 2012 10:59:51 -0000 Author: mm Date: Sun Feb 5 10:59:50 2012 New Revision: 231012 URL: http://svn.freebsd.org/changeset/base/231012 Log: Analogous to r230407 a separate path buffer in vfs_mount.c is required for r230129. Fixes a out of bounds write to fspath. MFC after: 10 days Modified: head/sys/kern/vfs_mount.c Modified: head/sys/kern/vfs_mount.c ============================================================================== --- head/sys/kern/vfs_mount.c Sun Feb 5 09:17:49 2012 (r231011) +++ head/sys/kern/vfs_mount.c Sun Feb 5 10:59:50 2012 (r231012) @@ -1039,6 +1039,7 @@ vfs_domount( struct vfsconf *vfsp; struct nameidata nd; struct vnode *vp; + char *pathbuf; int error; /* @@ -1102,12 +1103,15 @@ vfs_domount( NDFREE(&nd, NDF_ONLY_PNBUF); vp = nd.ni_vp; if ((fsflags & MNT_UPDATE) == 0) { - error = vn_path_to_global_path(td, vp, fspath, MNAMELEN); + pathbuf = malloc(MNAMELEN, M_TEMP, M_WAITOK); + strcpy(pathbuf, fspath); + error = vn_path_to_global_path(td, vp, pathbuf, MNAMELEN); /* debug.disablefullpath == 1 results in ENODEV */ if (error == 0 || error == ENODEV) { - error = vfs_domount_first(td, vfsp, fspath, vp, + error = vfs_domount_first(td, vfsp, pathbuf, vp, fsflags, optlist); } + free(pathbuf, M_TEMP); } else error = vfs_domount_update(td, vp, fsflags, optlist); mtx_unlock(&Giant);