114506 – [nfs] nfs_readdirrpc doesn't use copyout to write out dirents

Bug 114506 - [nfs] nfs_readdirrpc doesn't use copyout to write out dirents

Summary: [nfs] nfs_readdirrpc doesn't use copyout to write out dirents

Status:	Closed Overcome By Events

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	kern (show other bugs)
Version:	Unspecified
Hardware:	Any Any

Importance:	Normal Affects Only Me
Assignee:	freebsd-bugs (Nobody)

URL:
Keywords:

Depends on:
Blocks:

Reported:	2007-07-11 19:30 UTC by Eric Youngblut
Modified:	2017-08-26 03:51 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Eric Youngblut 2007-07-11 19:30:04 UTC

/*
 * Readdir rpc call.
 * Called from below the buffer cache by nfs_doio().
 */
int
nfs_readdirrpc(struct vnode *vp, struct uio *uiop, struct ucred *cred)
{
...
				dp = (struct dirent *)uiop->uio_iov->iov_base;
				dp->d_fileno = fileno;
				dp->d_snapid = 0;
				dp->d_namlen = len;
				dp->d_reclen = tlen + DIRHDSIZ;
				dp->d_type = DT_UNKNOWN;

This needs to be a call to uiomove() which will do a copyout() into the user-space memory.