[src/trunk]: src/sys/nfs Check the length of a passed in filehandle to the mo...

[fvdl <fvdl%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/c6587386272c
branches:  trunk
changeset: 513418:c6587386272c
user:      fvdl <fvdl%NetBSD.org@localhost>
date:      Mon Jul 30 22:23:42 2001 +0000

description:
Check the length of a passed in filehandle to the mount call before
doing a copyin. From Ken Ashcraft @ Stanford via Constantine Sapuntzakis.

diffstat:

 sys/nfs/nfs_vfsops.c |  4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diffs (18 lines):

diff -r 73a1943bafbc -r c6587386272c sys/nfs/nfs_vfsops.c
--- a/sys/nfs/nfs_vfsops.c      Mon Jul 30 22:04:08 2001 +0000
+++ b/sys/nfs/nfs_vfsops.c      Mon Jul 30 22:23:42 2001 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: nfs_vfsops.c,v 1.104 2001/07/01 02:13:36 gmcgarry Exp $        */
+/*     $NetBSD: nfs_vfsops.c,v 1.105 2001/07/30 22:23:42 fvdl Exp $    */
 
 /*
  * Copyright (c) 1989, 1993, 1995
@@ -586,6 +586,8 @@
                return (0);
        }
        error = copyin((caddr_t)args.fh, (caddr_t)nfh, args.fhsize);
+       if (args.fhsize < 0 || args.fhsize > NFSX_V3FHMAX)
+               return (EINVAL);
        if (error)
                return (error);
        error = copyinstr(path, pth, MNAMELEN-1, &len);