svn commit: r301564 - head/sys/fs/nfsclient
Conrad E. Meyer
cem at FreeBSD.org
Tue Jun 7 20:00:21 UTC 2016
Author: cem
Date: Tue Jun 7 20:00:20 2016
New Revision: 301564
URL: https://svnweb.freebsd.org/changeset/base/301564
Log:
nfs_clvfsops: Prevent strdup of stack garbage with bogus mount specs
If strlen(hostp) was zero, the stack array 'nam' would never be initialized
before being strdup()ed. Fix this by initializing it to the empty string.
It's possible some external condition makes this case impossible, in which
case, an assertion instead of this workaround is appropriate.
Introduced in r299848.
Reported by: Coverity
CID: 1355336
Sponsored by: EMC / Isilon Storage Division
Modified:
head/sys/fs/nfsclient/nfs_clvfsops.c
Modified: head/sys/fs/nfsclient/nfs_clvfsops.c
==============================================================================
--- head/sys/fs/nfsclient/nfs_clvfsops.c Tue Jun 7 19:49:08 2016 (r301563)
+++ head/sys/fs/nfsclient/nfs_clvfsops.c Tue Jun 7 20:00:20 2016 (r301564)
@@ -806,7 +806,8 @@ nfs_mount_parse_from(struct vfsoptlist *
nam[len + offset++] = ':';
memmove(nam + len + offset, spec, speclen);
nam[len + speclen + offset] = '\0';
- }
+ } else
+ nam[0] = '\0';
/*
* XXX: IPv6
More information about the svn-src-all
mailing list