Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-doc
 Path: blob/main/website/static/security/patches/EN-07:01/nfs61.patch
18096 views
1
Index: sys/nfsserver/nfs_serv.c

2
===================================================================

3
RCS file: /home/ncvs/src/sys/nfsserver/nfs_serv.c,v

4
retrieving revision 1.156.2.2

5
diff -u -r1.156.2.2 nfs_serv.c

6
--- sys/nfsserver/nfs_serv.c	13 Mar 2006 03:06:49 -0000	1.156.2.2

7
+++ sys/nfsserver/nfs_serv.c	3 Jan 2007 17:14:55 -0000

8
@@ -569,6 +569,10 @@

9


10
 			error = lookup(&ind);

11
 			ind.ni_dvp = NULL;

12
+			if (ind.ni_cnd.cn_flags & GIANTHELD) {

13
+				mtx_unlock(&Giant);

14
+				ind.ni_cnd.cn_flags &= ~GIANTHELD;

15
+			}

16


17
 			if (error == 0) {

18
 				/*

19
@@ -1915,6 +1919,10 @@

20


21
 			error = lookup(&nd);

22
 			nd.ni_dvp = NULL;

23
+			if (nd.ni_cnd.cn_flags & GIANTHELD) {

24
+				mtx_unlock(&Giant);

25
+				nd.ni_cnd.cn_flags &= ~GIANTHELD;

26
+			}

27
 			if (error)

28
 				goto ereply;

29


30
@@ -2141,6 +2149,10 @@

31


32
 		error = lookup(&nd);

33
 		nd.ni_dvp = NULL;

34
+		if (nd.ni_cnd.cn_flags & GIANTHELD) {

35
+			mtx_unlock(&Giant);

36
+			nd.ni_cnd.cn_flags &= ~GIANTHELD;

37
+		}

38


39
 		if (error)

40
 			goto out;

41
@@ -2514,8 +2526,8 @@

42
 		tond.ni_dvp = NULL;

43
 		tond.ni_vp = NULL;

44
 		if (error) {

45
-			fromnd.ni_cnd.cn_flags &= ~HASBUF;

46
-			tond.ni_cnd.cn_flags &= ~HASBUF;

47
+			NDFREE(&fromnd, NDF_ONLY_PNBUF);

48
+			NDFREE(&tond, NDF_ONLY_PNBUF);

49
 		}

50
 	} else {

51
 		if (error == -1)

52
@@ -2809,6 +2821,12 @@

53
 	nd.ni_cnd.cn_flags = LOCKPARENT | SAVESTART;

54
 	error = nfs_namei(&nd, fhp, len, slp, nam, &md, &dpos,

55
 		&dirp, v3, &dirfor, &dirfor_ret, td, FALSE);

56
+	if (error == 0) {

57
+		VATTR_NULL(vap);

58
+		if (v3)

59
+			nfsm_srvsattr(vap);

60
+		nfsm_srvpathsiz(len2);

61
+	}

62
 	NFSD_UNLOCK();

63
 	mtx_lock(&Giant);	/* VFS */

64
 	if (dirp && !v3) {

65
@@ -2818,10 +2836,6 @@

66
 	if (error)

67
 		goto out;

68


69
-	VATTR_NULL(vap);

70
-	if (v3)

71
-		nfsm_srvsattr(vap);

72
-	nfsm_srvpathsiz(len2);

73
 	MALLOC(pathcp, caddr_t, len2 + 1, M_TEMP, M_WAITOK);

74
 	iv.iov_base = pathcp;

75
 	iv.iov_len = len2;

76
@@ -2878,6 +2892,10 @@

77


78
 		error = lookup(&nd);

79
 		nd.ni_dvp = NULL;

80
+		if (nd.ni_cnd.cn_flags & GIANTHELD) {

81
+			mtx_unlock(&Giant);

82
+			nd.ni_cnd.cn_flags &= ~GIANTHELD;

83
+		}

84


85
 		if (error == 0) {

86
 			bzero((caddr_t)fhp, sizeof(nfh));

87
Index: sys/nfsserver/nfs_srvsubs.c

88
===================================================================

89
RCS file: /home/ncvs/src/sys/nfsserver/nfs_srvsubs.c,v

90
retrieving revision 1.136.2.2

91
diff -u -r1.136.2.2 nfs_srvsubs.c

92
--- sys/nfsserver/nfs_srvsubs.c	4 Apr 2006 15:29:51 -0000	1.136.2.2

93
+++ sys/nfsserver/nfs_srvsubs.c	2 Jan 2007 19:20:02 -0000

94
@@ -875,6 +875,10 @@

95
 	}

96
 	if (!lockleaf)

97
 		cnp->cn_flags &= ~LOCKLEAF;

98
+	if (cnp->cn_flags & GIANTHELD) {

99
+		mtx_unlock(&Giant);

100
+		cnp->cn_flags &= ~GIANTHELD;

101
+	}

102


103
 	/*

104
 	 * nfs_namei() guarentees that fields will not contain garbage

105
@@ -1331,6 +1335,24 @@

106
 	return 0;

107
 }

108


109
+int

110
+nfsm_srvnamesiz0_xx(int *s, int m, struct mbuf **md, caddr_t *dpos)

111
+{

112
+	u_int32_t *tl;

113
+

114
+	NFSD_LOCK_DONTCARE();

115
+

116
+	tl = nfsm_dissect_xx_nonblock(NFSX_UNSIGNED, md, dpos);

117
+	if (tl == NULL)

118
+		return EBADRPC;

119
+	*s = fxdr_unsigned(int32_t, *tl);

120
+	if (*s > m)

121
+		return NFSERR_NAMETOL;

122
+	if (*s < 0)

123
+		return EBADRPC;

124
+	return 0;

125
+}

126
+

127
 void

128
 nfsm_clget_xx(u_int32_t **tl, struct mbuf *mb, struct mbuf **mp,

129
     char **bp, char **be, caddr_t bpos, int droplock)

130
Index: sys/nfsserver/nfsm_subs.h

131
===================================================================

132
RCS file: /home/ncvs/src/sys/nfsserver/nfsm_subs.h,v

133
retrieving revision 1.37

134
diff -u -r1.37 nfsm_subs.h

135
--- sys/nfsserver/nfsm_subs.h	7 Jan 2005 01:45:51 -0000	1.37

136
+++ sys/nfsserver/nfsm_subs.h	2 Jan 2007 19:16:30 -0000

137
@@ -74,6 +74,7 @@

138


139
 int	nfsm_srvstrsiz_xx(int *s, int m, struct mbuf **md, caddr_t *dpos);

140
 int	nfsm_srvnamesiz_xx(int *s, int m, struct mbuf **md, caddr_t *dpos);

141
+int	nfsm_srvnamesiz0_xx(int *s, int m, struct mbuf **md, caddr_t *dpos);

142
 int	nfsm_srvmtofh_xx(fhandle_t *f, struct nfsrv_descript *nfsd,

143
 	    struct mbuf **md, caddr_t *dpos);

144
 int	nfsm_srvsattr_xx(struct vattr *a, struct mbuf **md, caddr_t *dpos);

145
@@ -101,7 +102,7 @@

146
 #define	nfsm_srvpathsiz(s) \

147
 do { \

148
 	int t1; \

149
-	t1 = nfsm_srvnamesiz_xx(&(s), NFS_MAXPATHLEN, &md, &dpos); \

150
+	t1 = nfsm_srvnamesiz0_xx(&(s), NFS_MAXPATHLEN, &md, &dpos); \

151
 	if (t1) { \

152
 		error = t1; \

153
 		nfsm_reply(0); \

154


155