From 5f3bfd608d5a27af8aec75c02104a103fa4d80b7 Mon Sep 17 00:00:00 2001
From: Matthew Dillon
Date: Sun, 12 Dec 1999 07:06:39 +0000
Subject: [PATCH] Fix a number of server-side issues related to aborting badly formed NFS packets, mainly initializing structure pointers to NULL which are conditionally freed prior to return.
PR: kern/15249
Submitted by: Ian Dowse
---
 sys/nfs/nfs_common.c | 3 +++
 sys/nfs/nfs_nqlease.c | 4 +++-
 sys/nfs/nfs_serv.c | 8 ++++----
 sys/nfs/nfs_subs.c | 3 +++
 sys/nfsclient/nfs_subs.c | 3 +++
 sys/nfsserver/nfs_serv.c | 8 ++++----
 sys/nfsserver/nfs_srvsubs.c | 3 +++
 7 files changed, 23 insertions(+), 9 deletions(-)
diff --git a/sys/nfs/nfs_common.c b/sys/nfs/nfs_common.c
index 0da996b4c788..e63ba63dcfb5 100644
--- a/sys/nfs/nfs_common.c
+++ b/sys/nfs/nfs_common.c
@@ -1974,6 +1974,7 @@ nfsrv_fhtovp(fhp, lockflag, vpp, cred, slp, nam, rdonlyp, kerbflag, pubflag)
 if (saddr->sin_family == AF_INET &&
 ntohs(saddr->sin_port) >= IPPORT_RESERVED) {
 vput(*vpp);
+ *vpp = NULL;
 return (NFSERR_AUTHERR | AUTH_TOOWEAK);
 }
 }
@@ -1984,10 +1985,12 @@ nfsrv_fhtovp(fhp, lockflag, vpp, cred, slp, nam, rdonlyp, kerbflag, pubflag)
 if (exflags & MNT_EXKERB) {
 if (!kerbflag) {
 vput(*vpp);
+ *vpp = NULL;
 return (NFSERR_AUTHERR | AUTH_TOOWEAK);
 }
 } else if (kerbflag) {
 vput(*vpp);
+ *vpp = NULL;
 return (NFSERR_AUTHERR | AUTH_TOOWEAK);
 } else if (cred->cr_uid == 0 || (exflags & MNT_EXPORTANON)) {
 cred->cr_uid = credanon->cr_uid;
diff --git a/sys/nfs/nfs_nqlease.c b/sys/nfs/nfs_nqlease.c
index e64a82a1afdb..be901000239d 100644
--- a/sys/nfs/nfs_nqlease.c
+++ b/sys/nfs/nfs_nqlease.c
@@ -769,8 +769,10 @@ nqnfsrv_getlease(nfsd, slp, procp, mrq)
 nfsd->nd_duration = fxdr_unsigned(int, *tl);
 error = nfsrv_fhtovp(fhp, 1, &vp, cred, slp, nam, &rdonly,
 (nfsd->nd_flag & ND_KERBAUTH), TRUE);
- if (error)
+ if (error) {
 nfsm_reply(0);
+ goto nfsmout;
+ }
 if (rdonly && flags == ND_WRITE) {
 error = EROFS;
 vput(vp);
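Review bot: Callers now depend on `*vpp` being NULL after any error return from nfsrv_fhtovp, but nothing in the function states that contract; a comment above the function (its header is outside the hunk) such as `/* On any error return *vpp is NULL; callers must only vput() it on success. */` would keep the next error path honest. The hunk clears `*vpp` only on the reserved-port AUTH_TOOWEAK path here (and the two Kerberos paths in the next hunk); whether the function's earlier failure returns, which are not visible, leave `*vpp` NULL or untouched is exactly what nqnfsrv_getlease's new `goto nfsmout` relies on, so that should be confirmed. nfsrv_fhtovp begins and ends outside the hunk.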
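Review bot: The `vput(*vpp); *vpp = NULL; return (NFSERR_AUTHERR | AUTH_TOOWEAK);` sequence is now spelled out three times in nfsrv_fhtovp (once in the previous hunk, twice in this one), which invites the same omission on whatever export check is added next. A single exit label, `toobad: vput(*vpp); *vpp = NULL; return (NFSERR_AUTHERR | AUTH_TOOWEAK);`, with each rejecting branch doing `goto toobad;`, keeps the release-and-clear in one place. Style only; the function continues past the hunk.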
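Review bot: The new `goto nfsmout` makes nqnfsrv_getlease's cleanup responsible for `vp` after a failed nfsrv_fhtovp, yet unlike the nfs_serv.c hunks nothing here initializes `vp`, so this is safe only if nfsrv_fhtovp leaves `*vpp` NULL on every error path and not just the three patched in nfs_common.c. Adding `struct vnode *vp = NULL;` to the declarations (outside the hunk) removes that dependency. As I recall the nfsm_reply() macro at this revision, it either returns from the procedure itself or falls through depending on the request flavour, so the goto only matters on the fall-through path; what `nfsmout:` (also outside the hunk) does with a non-zero `error` once a reply has already been built is worth checking so the error reply is still sent rather than dropped.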
diff --git a/sys/nfs/nfs_serv.c b/sys/nfs/nfs_serv.c
index 122e7f3ae754..e0aa5ab7e688 100644
--- a/sys/nfs/nfs_serv.c
+++ b/sys/nfs/nfs_serv.c
@@ -249,7 +249,7 @@ nfsrv_getattr(nfsd, slp, procp, mrq)
 register struct nfs_fattr *fp;
 struct vattr va;
 register struct vattr *vap = &va;
- struct vnode *vp;
+ struct vnode *vp = NULL;
 nfsfh_t nfh;
 fhandle_t *fhp;
 register u_int32_t *tl;
@@ -453,7 +453,7 @@ nfsrv_lookup(nfsd, slp, procp, mrq)
 struct ucred *cred = &nfsd->nd_cr;
 register struct nfs_fattr *fp;
 struct nameidata nd, ind, *ndp = &nd;
- struct vnode *vp, *dirp;
+ struct vnode *vp, *dirp = NULL;
 nfsfh_t nfh;
 fhandle_t *fhp;
 register caddr_t cp;
@@ -775,7 +775,7 @@ nfsrv_read(nfsd, slp, procp, mrq)
 char *cp2;
 struct mbuf *mb, *mb2, *mreq;
 struct mbuf *m2;
- struct vnode *vp;
+ struct vnode *vp = NULL;
 nfsfh_t nfh;
 fhandle_t *fhp;
 struct uio io, *uiop = &io;
@@ -1168,7 +1168,7 @@ nfsrv_writegather(ndp, slp, procp, mrq)
 int ioflags, aftat_ret = 1, s, adjust, v3, zeroing;
 char *cp2;
 struct mbuf *mb, *mb2, *mreq, *mrep, *md;
- struct vnode *vp;
+ struct vnode *vp = NULL;
 struct uio io, *uiop = &io;
 u_quad_t frev, cur_usec;
diff --git a/sys/nfs/nfs_subs.c b/sys/nfs/nfs_subs.c
index 0da996b4c788..e63ba63dcfb5 100644
--- a/sys/nfs/nfs_subs.c
+++ b/sys/nfs/nfs_subs.c
@@ -1974,6 +1974,7 @@ nfsrv_fhtovp(fhp, lockflag, vpp, cred, slp, nam, rdonlyp, kerbflag, pubflag)
 if (saddr->sin_family == AF_INET &&
 ntohs(saddr->sin_port) >= IPPORT_RESERVED) {
 vput(*vpp);
+ *vpp = NULL;
 return (NFSERR_AUTHERR | AUTH_TOOWEAK);
 }
 }
@@ -1984,10 +1985,12 @@ nfsrv_fhtovp(fhp, lockflag, vpp, cred, slp, nam, rdonlyp, kerbflag, pubflag)
 if (exflags & MNT_EXKERB) {
 if (!kerbflag) {
 vput(*vpp);
+ *vpp = NULL;
 return (NFSERR_AUTHERR | AUTH_TOOWEAK);
 }
 } else if (kerbflag) {
 vput(*vpp);
+ *vpp = NULL;
 return (NFSERR_AUTHERR | AUTH_TOOWEAK);
 } else if (cred->cr_uid == 0 || (exflags & MNT_EXPORTANON)) {
 cred->cr_uid = credanon->cr_uid;
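Review bot: Initializing `vp` in nfsrv_getattr fixes the case where a malformed request aborts argument decoding and jumps to the `nfsmout:` cleanup before `vp` is ever assigned, but only four procedures in this file are patched. Any other nfsrv_* procedure that declares a bare `struct vnode *vp;` and conditionally releases it at nfsmout (not visible from this hunk) has the same exposure, and it is reachable by an unauthenticated sender because the abort happens while the packet is still being parsed; the whole file deserves an audit rather than just the procedures named in the PR. nfsrv_getattr's body lies outside the hunk.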
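Review bot: In nfsrv_lookup only `dirp` gains an initializer while `vp` in the same declaration stays uninitialized; if the `nfsmout:` path (outside the hunk) also tests and releases `vp`, an early parse abort still reaches it with a stack value. `struct vnode *vp = NULL, *dirp = NULL;` costs nothing and matches the other three hunks in this file. If `vp` is genuinely never examined on the error path, the asymmetry should carry a short comment, `/* vp is assigned only after namei succeeds; dirp may need vrele at nfsmout */`, so the next reader does not re-raise this.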
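Review bot: This copy of nfsrv_fhtovp in nfs_subs.c has the same gap as the nfs_common.c one: the cleared-on-error behaviour that callers now rely on is undocumented, and only the AUTH_TOOWEAK paths are covered while the function's earlier failure returns are outside the hunk. A one-line comment at the function head, `/* On error *vpp is NULL. */`, plus a check of those earlier paths would close it. nfsrv_fhtovp starts and ends outside the hunk.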
diff --git a/sys/nfsclient/nfs_subs.c b/sys/nfsclient/nfs_subs.c
index 0da996b4c788..e63ba63dcfb5 100644
--- a/sys/nfsclient/nfs_subs.c
+++ b/sys/nfsclient/nfs_subs.c
@@ -1974,6 +1974,7 @@ nfsrv_fhtovp(fhp, lockflag, vpp, cred, slp, nam, rdonlyp, kerbflag, pubflag)
 if (saddr->sin_family == AF_INET &&
 ntohs(saddr->sin_port) >= IPPORT_RESERVED) {
 vput(*vpp);
+ *vpp = NULL;
 return (NFSERR_AUTHERR | AUTH_TOOWEAK);
 }
 }
@@ -1984,10 +1985,12 @@ nfsrv_fhtovp(fhp, lockflag, vpp, cred, slp, nam, rdonlyp, kerbflag, pubflag)
 if (exflags & MNT_EXKERB) {
 if (!kerbflag) {
 vput(*vpp);
+ *vpp = NULL;
 return (NFSERR_AUTHERR | AUTH_TOOWEAK);
 }
 } else if (kerbflag) {
 vput(*vpp);
+ *vpp = NULL;
 return (NFSERR_AUTHERR | AUTH_TOOWEAK);
 } else if (cred->cr_uid == 0 || (exflags & MNT_EXPORTANON)) {
 cred->cr_uid = credanon->cr_uid;
diff --git a/sys/nfsserver/nfs_serv.c b/sys/nfsserver/nfs_serv.c
index 122e7f3ae754..e0aa5ab7e688 100644
--- a/sys/nfsserver/nfs_serv.c
+++ b/sys/nfsserver/nfs_serv.c
@@ -249,7 +249,7 @@ nfsrv_getattr(nfsd, slp, procp, mrq)
 register struct nfs_fattr *fp;
 struct vattr va;
 register struct vattr *vap = &va;
- struct vnode *vp;
+ struct vnode *vp = NULL;
 nfsfh_t nfh;
 fhandle_t *fhp;
 register u_int32_t *tl;
@@ -453,7 +453,7 @@ nfsrv_lookup(nfsd, slp, procp, mrq)
 struct ucred *cred = &nfsd->nd_cr;
 register struct nfs_fattr *fp;
 struct nameidata nd, ind, *ndp = &nd;
- struct vnode *vp, *dirp;
+ struct vnode *vp, *dirp = NULL;
 nfsfh_t nfh;
 fhandle_t *fhp;
 register caddr_t cp;
@@ -775,7 +775,7 @@ nfsrv_read(nfsd, slp, procp, mrq)
 char *cp2;
 struct mbuf *mb, *mb2, *mreq;
 struct mbuf *m2;
- struct vnode *vp;
+ struct vnode *vp = NULL;
 nfsfh_t nfh;
 fhandle_t *fhp;
 struct uio io, *uiop = &io;
@@ -1168,7 +1168,7 @@ nfsrv_writegather(ndp, slp, procp, mrq)
 int ioflags, aftat_ret = 1, s, adjust, v3, zeroing;
 char *cp2;
 struct mbuf *mb, *mb2, *mreq, *mrep, *md;
- struct vnode *vp;
+ struct vnode *vp = NULL;
 struct uio io, *uiop = &io;
 u_quad_t frev, cur_usec;
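Review bot: The reserved-port rejection in this copy of nfsrv_fhtovp now clears `*vpp` after `vput()`, but the function's earlier failure returns, outside the hunk, are not visible and must behave the same way for the callers' conditional release to be safe. Worth stating the rule once at the function head, `/* On error *vpp is NULL. */`, and verifying the paths above this hunk against it. nfsrv_fhtovp begins and ends outside the hunk.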
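Review bot: In this copy of nfsrv_lookup, `dirp` is initialized but `vp` in the same declaration is left uninitialized, so a request that aborts during decoding and jumps to `nfsmout:` (outside the hunk) can still present a stack value in `vp` if that cleanup looks at it. `struct vnode *vp = NULL, *dirp = NULL;` is free and consistent with the getattr, read and writegather hunks in this file. The same audit applies to every other procedure here that pairs a bare `struct vnode *vp;` with a conditional `vput()` at nfsmout; none of them is visible from these hunks.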
diff --git a/sys/nfsserver/nfs_srvsubs.c b/sys/nfsserver/nfs_srvsubs.c
index 0da996b4c788..e63ba63dcfb5 100644
--- a/sys/nfsserver/nfs_srvsubs.c
+++ b/sys/nfsserver/nfs_srvsubs.c
@@ -1974,6 +1974,7 @@ nfsrv_fhtovp(fhp, lockflag, vpp, cred, slp, nam, rdonlyp, kerbflag, pubflag)
 if (saddr->sin_family == AF_INET &&
 ntohs(saddr->sin_port) >= IPPORT_RESERVED) {
 vput(*vpp);
+ *vpp = NULL;
 return (NFSERR_AUTHERR | AUTH_TOOWEAK);
 }
 }
@@ -1984,10 +1985,12 @@ nfsrv_fhtovp(fhp, lockflag, vpp, cred, slp, nam, rdonlyp, kerbflag, pubflag)
 if (exflags & MNT_EXKERB) {
 if (!kerbflag) {
 vput(*vpp);
+ *vpp = NULL;
 return (NFSERR_AUTHERR | AUTH_TOOWEAK);
 }
 } else if (kerbflag) {
 vput(*vpp);
+ *vpp = NULL;
 return (NFSERR_AUTHERR | AUTH_TOOWEAK);
 } else if (cred->cr_uid == 0 || (exflags & MNT_EXPORTANON)) {
 cred->cr_uid = credanon->cr_uid;
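Review bot: The two Kerberos rejections in this hunk each repeat `vput(*vpp); *vpp = NULL; return (NFSERR_AUTHERR | AUTH_TOOWEAK);`, the same three lines the reserved-port check above uses, so the release-and-clear now lives in three places in one function. Funnelling them through one label, `toobad: vput(*vpp); *vpp = NULL; return (NFSERR_AUTHERR | AUTH_TOOWEAK);`, with `goto toobad;` at each check, makes it hard to add a fourth rejection that forgets the NULL. Style only; nfsrv_fhtovp continues outside the hunk.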