[Bug 260412] NFS v4 client crash if server sends a second CB_SEQUENCE with wild slotid

From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 15 Dec 2021 01:26:53 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260412

Rick Macklem <rmacklem@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|New                         |Open
           Assignee|bugs@FreeBSD.org            |rmacklem@FreeBSD.org

--- Comment #1 from Rick Macklem <rmacklem@FreeBSD.org> ---
Created attachment 230127
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=230127&action=edit
check for cbsequence not first op at the beginning of processing

This patch should stop the crashes.
It moves the check for "not first op" to
the beginning of CB_Sequence processing.

It also fixes a couple of other things:
- Adds a sanity check for a large taglen.
- Moves the check for "no cbsequence" to
  the beginning of op processing, since the
  check was in some CB ops, but not all of them.

Maybe the reporter can confirm it fixes the problem for them?

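A simplified user-space model of the check ordering described in the comment above, added here as an illustration; it is not the attached patch or FreeBSD kernel code. The struct, function name, tag cap, slot-table size and the status returned for an oversized tag are assumptions; the op and status numbers are from RFC 5661.

```c
#include <stddef.h>
#include <stdint.h>

/* Operation and status numbers from RFC 5661. */
enum { OP_CB_RECALL = 4, OP_CB_SEQUENCE = 11 };
enum { NFS4_OK = 0, NFS4ERR_BADXDR = 10036, NFS4ERR_BADSLOT = 10053,
       NFS4ERR_SEQUENCE_POS = 10064, NFS4ERR_OP_NOT_IN_SESSION = 10071 };

#define MAX_TAGLEN   1024u /* assumed cap, not taken from the patch */
#define NUM_CB_SLOTS 8u    /* assumed size of the callback slot table */

/* Hypothetical decoded op; slotid is only meaningful for CB_SEQUENCE. */
struct cb_op { uint32_t opnum; uint32_t slotid; };

/* Slot table that is indexed only after the slotid has been validated. */
static uint32_t slot_seq[NUM_CB_SLOTS];

/* Constructed sample compounds. */
static const struct cb_op good[]       = { {OP_CB_SEQUENCE, 0}, {OP_CB_RECALL, 0} };
static const struct cb_op second_seq[] = { {OP_CB_SEQUENCE, 0}, {OP_CB_SEQUENCE, 0xffffffffu} };
static const struct cb_op wild_first[] = { {OP_CB_SEQUENCE, 0xffffffffu} };
static const struct cb_op no_seq[]     = { {OP_CB_RECALL, 0} };

/* Validate a minor-version-1 callback compound; returns the first error. */
int cb_compound_check(uint32_t taglen, const struct cb_op *ops, size_t nops)
{
    int seen_sequence = 0;

    if (taglen > MAX_TAGLEN)            /* reject before allocating/copying */
        return NFS4ERR_BADXDR;
    for (size_t i = 0; i < nops; i++) {
        if (ops[i].opnum == OP_CB_SEQUENCE) {
            if (i != 0)                 /* position check before any field use */
                return NFS4ERR_SEQUENCE_POS;
            if (ops[i].slotid >= NUM_CB_SLOTS)
                return NFS4ERR_BADSLOT;
            slot_seq[ops[i].slotid]++;  /* safe: index was bounds-checked */
            seen_sequence = 1;
        } else if (!seen_sequence) {    /* one check covering every other op */
            return NFS4ERR_OP_NOT_IN_SESSION;
        }
    }
    return NFS4_OK;
}

int main(void)
{
    return cb_compound_check(0, second_seq, 2) == NFS4ERR_SEQUENCE_POS ? 0 : 1;
}
```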