Attachment #229822 for bug #260111

View | Details | Raw Unified | Return to bug 260111
Collapse All | Expand All

Lines 1108-1113 nfsrv_dissectacl(struct nfsrv_descript nd, NFSACL_T Link Here

(-)sys/fs/nfs/nfs_commonsubs.c (+10 lines)
1108	NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);	1108	NFSM_DISSECT(tl, u_int32_t *, NFSX_UNSIGNED);
1109	aclsize = NFSX_UNSIGNED;	1109	aclsize = NFSX_UNSIGNED;
1110	acecnt = fxdr_unsigned(int, *tl);	1110	acecnt = fxdr_unsigned(int, *tl);
		1111	/*
		1112	* The RFCs do not define a fixed limit to the number of ACEs in
		1113	* an ACL, but 10240 should be more than sufficient.
		1114	*/
		1115	if (acecnt < 0 \|\| acecnt > 10240) {
		1116	error = NFSERR_BADXDR;
		1117	goto nfsmout;
		1118	}
1111	if (acecnt > ACL_MAX_ENTRIES)	1119	if (acecnt > ACL_MAX_ENTRIES)
1112	aceerr = NFSERR_ATTRNOTSUPP;	1120	aceerr = NFSERR_ATTRNOTSUPP;
1113	if (nfsrv_useacl == 0)	1121	if (nfsrv_useacl == 0)
Lines 1493-1498 nfsv4_loadattr(struct nfsrv_descript *nd, vnode_t vp, Link Here
1493	} else {	1501	} else {
1494	error = nfsrv_dissectacl(nd, NULL, &aceerr,	1502	error = nfsrv_dissectacl(nd, NULL, &aceerr,
1495	&cnt, p);	1503	&cnt, p);
		1504	if (error)
		1505	goto nfsmout;
1496	*retcmpp = NFSERR_ATTRNOTSUPP;	1506	*retcmpp = NFSERR_ATTRNOTSUPP;
1497	}	1507	}
1498	}	1508	}

Lines 58-64 nfsrv_dissectace(struct nfsrv_descript *nd, struct acl Link Here

(-)sys/fs/nfs/nfs_commonacl.c (-1 / +5 lines)
58	flag = fxdr_unsigned(u_int32_t, *tl++);	58	flag = fxdr_unsigned(u_int32_t, *tl++);
59	mask = fxdr_unsigned(u_int32_t, *tl++);	59	mask = fxdr_unsigned(u_int32_t, *tl++);
60	len = fxdr_unsigned(int, *tl);	60	len = fxdr_unsigned(int, *tl);
61	if (len < 0) {	61	/*
		62	* The RFCs do not specify a limit to the length of the "who", but
		63	* NFSV4_OPAQUELIMIT (1024) should be sufficient.
		64	*/
		65	if (len < 0 \|\| len > NFSV4_OPAQUELIMIT) {
62	error = NFSERR_BADXDR;	66	error = NFSERR_BADXDR;
63	goto nfsmout;	67	goto nfsmout;
64	} else if (len == 0) {	68	} else if (len == 0) {

Return to bug 260111