svn commit: r253694 - in releng/8.3: . sys/kern

[Xin LI]

Author: delphij
Date: Fri Jul 26 22:40:29 2013
New Revision: 253694
URL: http://svnweb.freebsd.org/changeset/base/253694

Log:
  Fix a bug that allows remote client bypass the normal
  access checks when when -network or -host restrictions
  are used at the same time with -mapall. [13:08]
  
  Security:	CVE-2013-4851
  Security:	FreeBSD-SA-13:08.nfsserver
  Approved by:	so

Modified:
  releng/8.3/UPDATING
  releng/8.3/sys/kern/vfs_export.c

Modified: releng/8.3/UPDATING
==============================================================================
--- releng/8.3/UPDATING	Fri Jul 26 22:40:23 2013	(r253693)
+++ releng/8.3/UPDATING	Fri Jul 26 22:40:29 2013	(r253694)
@@ -15,6 +15,11 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 8.
 	debugging tools present in HEAD were left in place because
 	sun4v support still needs work to become production ready.
 
+20130429:	p9	FreeBSD-SA-13:08.nfsserver
+	Fix a bug that allows remote client bypass the normal
+	access checks when when -network or -host restrictions are
+	used at the same time with -mapall.
+
 20130429:	p8	FreeBSD-SA-13:05.nfsserver
 	Fix a bug that allows NFS clients to issue READDIR on files.
 

Modified: releng/8.3/sys/kern/vfs_export.c
==============================================================================
--- releng/8.3/sys/kern/vfs_export.c	Fri Jul 26 22:40:23 2013	(r253693)
+++ releng/8.3/sys/kern/vfs_export.c	Fri Jul 26 22:40:29 2013	(r253694)
@@ -208,7 +208,7 @@ vfs_hang_addrlist(struct mount *mp, stru
 	np->netc_anon = crget();
 	np->netc_anon->cr_uid = argp->ex_anon.cr_uid;
 	crsetgroups(np->netc_anon, argp->ex_anon.cr_ngroups,
-	    np->netc_anon->cr_groups);
+	    argp->ex_anon.cr_groups);
 	np->netc_anon->cr_prison = &prison0;
 	prison_hold(np->netc_anon->cr_prison);
 	np->netc_numsecflavors = argp->ex_numsecflavors;