mirror of
https://github.com/freebsd/freebsd-src.git
synced 2024-12-02 10:42:45 +00:00
4e7bf17e9d
The NFS RFCs are pretty loose with respect to what characters can be in a filename returned by a Readdir. However, FreeBSD, as a POSIX system will not handle imbedded '/' or nul characters in file names. Also, for NFSv4, the file names "." and ".." are handcrafted on the client and should not be returned by a NFSv4 server. This patch scans for the above in filenames returned by Readdir and ignores any entry returned by Readdir which has them in it. Because an imbedded nul would be a string terminator, it was not possible to code this check efficiently using string(3) functions. Approved by: so Security: FreeBSD-SA-24:07.nfsclient Security: CVE-2024-6759 Reported by: Apple Security Engineering and Architecture (SEAR) (cherry picked from commit |
||
|---|---|---|
| .. | ||
| autofs | ||
| cd9660 | ||
| cuse | ||
| deadfs | ||
| devfs | ||
| ext2fs | ||
| fdescfs | ||
| fifofs | ||
| fuse | ||
| mntfs | ||
| msdosfs | ||
| nfs | ||
| nfsclient | ||
| nfsserver | ||
| nullfs | ||
| procfs | ||
| pseudofs | ||
| smbfs | ||
| tarfs | ||
| tmpfs | ||
| udf | ||
| unionfs | ||