FreeBSD Bugzilla – Attachment 229730 Details for
Bug 259996
bad CREATE_SESSION NFS v4.1 reply can cause client kernel page fault
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
sanity check the rdma cnt reply to Create_session
crash0.patch (text/plain), 555 bytes, created by
Rick Macklem
on 2021-11-25 23:29:02 UTC
(
hide
)
Description:
sanity check the rdma cnt reply to Create_session
Filename:
MIME Type:
Creator:
Rick Macklem
Created:
2021-11-25 23:29:02 UTC
Size:
555 bytes
patch
obsolete
>--- sys/fs/nfsclient/nfs_clrpcops.c.crash0 2021-11-25 15:10:54.460151000 -0800 >+++ sys/fs/nfsclient/nfs_clrpcops.c 2021-11-25 15:21:19.214971000 -0800 >@@ -5233,6 +5233,10 @@ nfsrpc_createsession(struct nfsmount *nmp, struct nfsc > sep->nfsess_foreslots = fxdr_unsigned(uint16_t, *tl++); > NFSCL_DEBUG(4, "fore slots=%d\n", (int)sep->nfsess_foreslots); > irdcnt = fxdr_unsigned(int, *tl); >+ if (irdcnt < 0 || irdcnt > 1) { >+ error = NFSERR_BADXDR; >+ goto nfsmout; >+ } > if (irdcnt > 0) > NFSM_DISSECT(tl, uint32_t *, irdcnt * NFSX_UNSIGNED); >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=229730">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 259996
:
229673
| 229730