Date: Mon, 25 Jun 2018 16:43:18 +0000
From: bugzilla-noreply@freebsd.org
To: fs@FreeBSD.org
Subject: [Bug 228354] mount_smbfs - long hostname causes stack overflow
Message-ID: <bug-228354-3630-oXIzxEbbDm@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-228354-3630@https.bugs.freebsd.org/bugzilla/>
References: <bug-228354-3630@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228354

--- Comment #12 from commit-hook@freebsd.org ---
A commit references this bug:

Author: brooks
Date: Mon Jun 25 16:42:50 UTC 2018
New revision: 335641
URL: https://svnweb.freebsd.org/changeset/base/335641

Log:
  Fix a stack overflow in mount_smbfs when hostname is too long.

  The local hostname was blindly copied into the nn_name array.
  When the hostname exceeded 16 bytes, it would overflow. Truncate the
  hostname to 15 bytes plus a 0 terminator which is the "workstation name"
  suffix.

  Use defensive strlcpy() when filling nn_name in all cases.

  PR: 228354
  Reported by: donald.buchholz@intel.com
  Reviewed by: jpaetzel, ian (prior version)
  Discussed with: Security Officer (gtetlow)
  MFC after: 3 days
  Security: Stack overflow with the hostname.
  Sponsored by: DARPA, AFRL
  Differential Revision: https://reviews.freebsd.org/D15936

Changes:
  head/contrib/smbfs/lib/smb/ctx.c
  head/contrib/smbfs/lib/smb/nbns_rq.c

-- 
You are receiving this mail because:
You are the assignee for the bug.
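
The bounded copy described in the commit log above, as an added C example that is not the code from r335641. The struct nb_name_demo, the helpers bounded_copy(), set_local_name() and stored_len_for(), the NB_NAMELEN constant and the sample hostnames are assumptions made for illustration; only the nn_name field name and the 15-plus-terminator layout come from the log.

```c
#include <stdio.h>
#include <string.h>

#define NB_NAMELEN 16 /* assumed: 15 name bytes + 1 suffix byte, as in the log */

/* Hypothetical stand-in for the structure holding nn_name. */
struct nb_name_demo {
    char nn_name[NB_NAMELEN];
    unsigned canary; /* neighbour an unbounded copy would clobber */
};

/* strlcpy()-style helper (strlcpy is not in every libc): copies at most
 * dstsize-1 bytes, always NUL-terminates, returns strlen(src). */
static size_t bounded_copy(char *dst, const char *src, size_t dstsize)
{
    size_t srclen = strlen(src);
    if (dstsize != 0) {
        size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Fill nn_name from the hostname; returns 1 if it had to be truncated.
 * The unbounded form (assumed here to be strcpy(np->nn_name, hostname))
 * writes past nn_name as soon as the hostname does not fit. */
int set_local_name(struct nb_name_demo *np, const char *hostname)
{
    memset(np->nn_name, 0, sizeof(np->nn_name));
    return bounded_copy(np->nn_name, hostname, sizeof(np->nn_name))
        >= sizeof(np->nn_name);
}

/* Returns the stored name length, or -1 if the neighbouring field changed. */
int stored_len_for(const char *hostname)
{
    struct nb_name_demo n;
    n.canary = 0xC0FFEEu;
    set_local_name(&n, hostname);
    return n.canary == 0xC0FFEEu ? (int)strlen(n.nn_name) : -1;
}

int main(void)
{
    /* Constructed sample hostnames. */
    printf("%d\n", stored_len_for("build-host-with-a-long-name.example.org"));
    printf("%d\n", stored_len_for("ws01"));
    return 0;
}
```

The return value of set_local_name() lets a caller log or reject a truncated name instead of silently registering a different workstation name.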