Date: Fri, 25 Mar 2022 18:23:03 GMT From: Mateusz Guzik <mjg@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: 0f600883990e - main - vfs: set cn_namelen when handling degenerate lookups Message-ID: <202203251823.22PIN3uY013189@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by mjg: URL: https://cgit.FreeBSD.org/src/commit/?id=0f600883990ea96d2026389cfe84ca6130f6d3aa commit 0f600883990ea96d2026389cfe84ca6130f6d3aa Author: Mateusz Guzik <mjg@FreeBSD.org> AuthorDate: 2022-03-25 18:19:36 +0000 Commit: Mateusz Guzik <mjg@FreeBSD.org> CommitDate: 2022-03-25 18:19:36 +0000 vfs: set cn_namelen when handling degenerate lookups Turns out execve looks at it to store binary name, but in order to trigger the problem one has to be trying to exec '/'. As is the value would be left uninitialized (or rather set to -1 on debug kernels). Fixes: 56244d35741a62e7 ("vfs: hoist degenerate path lookups out of the loop") --- sys/kern/vfs_lookup.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sys/kern/vfs_lookup.c b/sys/kern/vfs_lookup.c index 71173d189ef2..faef7b6cb254 100644 --- a/sys/kern/vfs_lookup.c +++ b/sys/kern/vfs_lookup.c @@ -853,6 +853,7 @@ vfs_lookup_degenerate(struct nameidata *ndp, struct vnode *dp, int wantparent) VREF(dp); } ndp->ni_vp = dp; + cnp->cn_namelen = 0; if (cnp->cn_flags & AUDITVNODE1) AUDIT_ARG_VNODE1(dp);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202203251823.22PIN3uY013189>