]> CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit
projects / FreeBSD / FreeBSD.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c455a03) | patch
MFC r335641:
authorbrooks <brooks@FreeBSD.org>
Thu, 28 Jun 2018 20:33:12 +0000 (20:33 +0000)
committerbrooks <brooks@FreeBSD.org>
Thu, 28 Jun 2018 20:33:12 +0000 (20:33 +0000)
commit0b39c762ec1d16fa2bca8a386d2e1af10e106a5e
treee1c8fe67694ac5f169491903e208c945e672d597tree | snapshot
parentc455a039dc3293a88c097153209c13bc70ce3c08commit | diff
MFC r335641:

Fix a stack overflow in mount_smbfs when hostname is too long.

The local hostname was blindly copied into the to the nn_name array.
When the hostname exceeded 16 bytes, it would overflow.  Truncate the
hostname to 15 bytes plus a 0 terminator which is the "workstation name"
suffix.

Use defensive strlcpy() when filling nn_name in all cases.

PR: 228354
Reported by: donald.buchholz@intel.com
Reviewed by: jpaetzel,  ian (prior version)
Discussed with: Security Officer (gtetlow)
Security: Stack overflow with the hostname.
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D15936
contrib/smbfs/lib/smb/ctx.c diff | blob | history
contrib/smbfs/lib/smb/nbns_rq.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.