| Summary: | Heap overflow in nlm system call | | |
|---|---|---|---|
| Product: | Base System | Reporter: | CTurt <ecturt> |
| Component: | kern | Assignee: | freebsd-bugs (Nobody) <bugs> |
| Status: | Closed FIXED | | |
| Severity: | Affects Only Me | CC: | dfr, dfr, rmacklem, sbruno, shawn.webb |
| Priority: | --- | | |
| Version: | CURRENT | | |
| Hardware: | Any | | |
| OS: | Any | | |

Description
CTurt
2016-04-14 21:28:06 UTC

Rick: is 256 the right amount here?

No idea. I'm not familiar with the NLM implementation (rpc.lockd).

(In reply to Rick Macklem from comment #2)
Fair. I'll see if emailing Doug does anything. :-)

(In reply to Sean Bruno from comment #3)
I'm not sure if 256 is the right number either but it seems unlikely that a real server would have that many addresses. The patch is probably fine as-is although it would be nice if the error message also mentioned the limit on number of addresses.

A commit references this bug:

Author: sbruno
Date: Wed Apr 20 15:31:03 UTC 2016
New revision: 298351
URL: https://svnweb.freebsd.org/changeset/base/298351

Log:
Avoid a possible heap overflow in our nlm code by limiting the number of service to the arbitrary value of 256. Log an appropriate message that indicates the hard limit.

PR: 208808
Submitted by: cturt@hardenedbsd.org
Reviewed by: dfr
Obtained from: HardenedBSD
MFC after: 2 weeks

Changes:
head/sys/nlm/nlm_prot_impl.c

This was MFC'd to stable/10:

r303173 | sbruno | 2016-07-21 21:09:47 -0600 (Thu, 21 Jul 2016) | 6 lines

MFC r298351

Avoid a possible heap overflow in our nlm code by limiting the number of service to the arbitrary value of 256. Log an appropriate message that indicates the hard limit.