svn commit: r184744 - head/sys/nfsserver

Doug Rabson dfr at FreeBSD.org
Fri Nov 7 02:43:01 PST 2008


Author: dfr
Date: Fri Nov  7 10:43:01 2008
New Revision: 184744
URL: http://svn.freebsd.org/changeset/base/184744

Log:
  Range-check NFSv2 procedure numbers before converting to NFSv3.
  
  Submitted by:	csjp

Modified:
  head/sys/nfsserver/nfs_fha.c

Modified: head/sys/nfsserver/nfs_fha.c
==============================================================================
--- head/sys/nfsserver/nfs_fha.c	Fri Nov  7 07:02:28 2008	(r184743)
+++ head/sys/nfsserver/nfs_fha.c	Fri Nov  7 10:43:01 2008	(r184744)
@@ -180,11 +180,16 @@ fha_extract_info(struct svc_req *req, st
 	i->locktype = LK_EXCLUSIVE;
 	
 	/*
-	 * Extract the procnum and convert to v3 form if necessary.
+	 * Extract the procnum and convert to v3 form if necessary,
+	 * taking care to deal with out-of-range procnums. Caller will
+	 * ensure that rq_vers is either 2 or 3.
 	 */
 	procnum = req->rq_proc;
-	if (!v3)
+	if (!v3) {
+		if (procnum > NFSV2PROC_STATFS)
+			goto out;
 		procnum = nfsrv_nfsv3_procid[procnum];
+	}
 
 	/* 
 	 * We do affinity for most. However, we divide a realm of affinity 


More information about the svn-src-head mailing list