From owner-freebsd-current Thu Feb 15 9:46:10 2001 Delivered-To: freebsd-current@freebsd.org Received: from mail.imp.ch (mail.imp.ch [157.161.1.2]) by hub.freebsd.org (Postfix) with ESMTP id D38D637B401; Thu, 15 Feb 2001 09:46:06 -0800 (PST) Received: from levais.imp.ch (levais.imp.ch [157.161.4.66]) by mail.imp.ch (8.11.1/8.11.1) with ESMTP id f1FHk5018911; Thu, 15 Feb 2001 18:46:05 +0100 (CET) (envelope-from Martin.Blapp@imp.ch) Date: Thu, 15 Feb 2001 18:46:04 +0100 (CET) From: Martin Blapp To: adrian@freebsd.org Cc: current@freebsd.org Subject: Fix for mountpath lenght Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG In mount.h, we have a #define MNAMELEN 80 and in struct statfs {} we have: char f_mntonname[MNAMELEN]; /* directory on which mounted */ but the kernel does no check to see if the mountpath is longer than MNAMELEN, it just accepts it ? It's impossible to umount(8) it, because umount(8) does not like to unmount some device which does not belong to the mountpoint. --- vfs_syscalls.c Sun Nov 26 03:30:05 2000 +++ vfs_syscalls.c.new Thu Feb 15 18:22:13 2001 @@ -140,6 +140,8 @@ /* * Get vnode to be covered */ + if (strlen(SCARG(uap, path)) > MNAMELEN) + return (ENAMETOOLONG); NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_USERSPACE, SCARG(uap, path), p); if ((error = namei(&nd)) != 0) Martin Blapp, mb@imp.ch ------------------------------------------------ Improware AG, UNIX solution and service provider Zurlindenstrasse 29, 4133 Pratteln, Switzerland Phone: +41 79 370 26 05, Fax: +41 61 826 93 01 ------------------------------------------------ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message