[Bug 260266] NFS callback RPC with negative taglen can crash client
- In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 260266] NFS callback RPC with negative taglen can crash client"
Date: Wed, 08 Dec 2021 21:58:11 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260266

Rick Macklem <rmacklem@FreeBSD.org> changed:

What     |Removed          |Added
----------------------------------------------------------------------------
Assignee |bugs@FreeBSD.org |rmacklem@FreeBSD.org
Status   |New              |Open

--- Comment #1 from Rick Macklem <rmacklem@FreeBSD.org> ---
Created attachment 229981
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=229981&action=edit
properly sanity check the callback taglen

The sanity check for taglen in the callback request was incorrect in two ways.
1 - It did not check for an excessively large value.
2 - It did not set the taglen to -1 when the sanity check failed.

This patch fixes the above and should stop the crashes.

Maybe the reporter can confirm that the patch stops the crashes for them?
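
An added illustration of the two defects named in the comment above; it is not the attached patch and not FreeBSD's code. It contrasts a signed length check that lacks the upper bound and the -1 reset with one that has both. `TAG_MAX`, the struct and function names, and the sample length words are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>

#define TAG_MAX     1024  /* assumed limit; the page does not state the real bound */
#define TAG_INVALID (-1)  /* value the comment says taglen must take on failure */

struct tag_result { int error; int taglen; };

/* Constructed sample length words (big-endian, as in XDR). */
static const uint8_t MSG_NEG[4] = { 0xff, 0xff, 0xff, 0xf0 };  /* -16 */
static const uint8_t MSG_BIG[4] = { 0x7f, 0xff, 0xff, 0xff };  /* INT32_MAX */
static const uint8_t MSG_OK[4]  = { 0x00, 0x00, 0x00, 0x08 };  /* 8 */

/* Decode one XDR 32-bit word into a signed int, as a length field is read. */
static int xdr_int(const uint8_t *p)
{
    uint32_t v = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                 ((uint32_t)p[2] << 8) | (uint32_t)p[3];
    return (int)(int32_t)v;
}

/* Weak form: no upper bound, and the rejected value stays in taglen. */
static struct tag_result parse_tag_weak(const uint8_t *msg)
{
    struct tag_result r = { 0, xdr_int(msg) };
    if (r.taglen < 0)
        r.error = 1;
    return r;
}

/* Hardened form: both bounds checked, taglen reset to -1 on failure. */
static struct tag_result parse_tag_checked(const uint8_t *msg)
{
    struct tag_result r = { 0, xdr_int(msg) };
    if (r.taglen < 0 || r.taglen > TAG_MAX) {
        r.error = 1;
        r.taglen = TAG_INVALID;
    }
    return r;
}

int main(void)
{
    const uint8_t *in[3] = { MSG_NEG, MSG_BIG, MSG_OK };
    for (int i = 0; i < 3; i++) {
        struct tag_result w = parse_tag_weak(in[i]), c = parse_tag_checked(in[i]);
        printf("weak: err=%d taglen=%d | checked: err=%d taglen=%d\n",
               w.error, w.taglen, c.error, c.taglen);
    }
    return 0;
}
```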