FreeBSD Bugzilla – Attachment 177588 Details for
Bug 214881
jail with path=/ and sysctl.disablefullpath=1 leads to NULL dereference
[patch]
patch to fix bugs
214881.patch (text/plain), 2.24 KB, created by
aler
on 2016-12-02 03:37:41 UTC
Description:
patch to fix bugs
Filename:
MIME Type:
Creator:
aler
Created:
2016-12-02 03:37:41 UTC
Size:
2.24 KB
patch
obsolete
>diff -ur old/sys/kern/kern_jail.c sys/kern/kern_jail.c
>--- old/sys/kern/kern_jail.c 2016-12-02 05:27:36.000000000 +0300
>+++ sys/kern/kern_jail.c 2016-12-02 06:25:01.000000000 +0300
>@@ -978,40 +978,44 @@
> error = EINVAL;
> goto done_free;
> }
>- NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_SYSSPACE,
>- path, td);
>- error = namei(&nd);
>- if (error)
>- goto done_free;
>- root = nd.ni_vp;
>- NDFREE(&nd, NDF_ONLY_PNBUF);
>- g_path = malloc(MAXPATHLEN, M_TEMP, M_WAITOK);
>- strlcpy(g_path, path, MAXPATHLEN);
>- error = vn_path_to_global_path(td, root, g_path, MAXPATHLEN);
>- if (error == 0)
>- path = g_path;
>- else if (error == ENODEV) {
>- /* proceed if sysctl debug.disablefullpath == 1 */
>- fullpath_disabled = 1;
>- if (len < 2 || (len == 2 && path[0] == '/'))
>- path = NULL;
>- } else {
>- /* exit on other errors */
>- goto done_free;
>- }
>- if (root->v_type != VDIR) {
>- error = ENOTDIR;
>- vput(root);
>- goto done_free;
>- }
>- VOP_UNLOCK(root, 0);
>- if (fullpath_disabled) {
>- /* Leave room for a real-root full pathname. */
>- if (len + (path[0] == '/' && strcmp(mypr->pr_path, "/")
>- ? strlen(mypr->pr_path) : 0) > MAXPATHLEN) {
>- error = ENAMETOOLONG;
>- vrele(root);
>+ if(len < 2 || (len == 2 && path[0] == '/'))
>+ path = NULL;
>+ else {
>+ NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_SYSSPACE,
>+ path, td);
>+ error = namei(&nd);
>+ if (error)
> goto done_free;
>+ root = nd.ni_vp;
>+ NDFREE(&nd, NDF_ONLY_PNBUF);
>+ g_path = malloc(MAXPATHLEN, M_TEMP, M_WAITOK);
>+ strlcpy(g_path, path, MAXPATHLEN);
>+ error = vn_path_to_global_path(td, root, g_path,
>+ MAXPATHLEN);
>+ if (error == 0)
>+ path = g_path;
>+ else if (error == ENODEV) {
>+ /* means sysctl debug.disablefullpath == 1 */
>+ fullpath_disabled = 1;
>+ } else {
>+ /* exit on other errors */
>+ goto done_free;
>+ }
>+ if (root->v_type != VDIR) {
>+ error = ENOTDIR;
>+ vput(root);
>+ goto done_free;
>+ }
>+ VOP_UNLOCK(root, 0);
>+ if (fullpath_disabled) {
>+ /* Leave room for a real-root full pathname. */
>+ if (len + (path[0] == '/' &&
>+ strcmp(mypr->pr_path, "/")
>+ ? strlen(mypr->pr_path) : 0) > MAXPATHLEN) {
>+ error = ENAMETOOLONG;
>+ vrele(root);
>+ goto done_free;
>+ }
> }
> }
> }
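Review bot: The new early test `if(len < 2 || (len == 2 && path[0] == '/'))` sets `path = NULL` for every caller, not only when `vn_path_to_global_path()` returns ENODEV, so an empty `path` string and "/" now skip `namei()` and the `VDIR` check entirely, where the old code always looked the path up first. That removes the NULL `path[0]` dereference in the `fullpath_disabled` branch, but it also means an empty path is silently accepted (it presumably failed in `namei()` before) and "/" is no longer resolved through the calling thread's lookup; whether the later `path == NULL` handling selects an equivalent root vnode is outside this hunk and should be confirmed. Consider rejecting the empty case explicitly, e.g. `if (len < 2) { error = EINVAL; goto done_free; }`, and keeping only the "/" shortcut with a comment stating why the lookup is skipped. The enclosing function starts and ends outside the hunk, and style(9) wants a space in `if (`.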
Attachments on
bug 214881
:
177482
| 177588