]> CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit
projects / FreeBSD / FreeBSD.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3911ee2) | patch
Fix a stack overflow in mount_smbfs when hostname is too long.
authorBrooks Davis <brooks@FreeBSD.org>
Mon, 25 Jun 2018 16:42:49 +0000 (16:42 +0000)
committerBrooks Davis <brooks@FreeBSD.org>
Mon, 25 Jun 2018 16:42:49 +0000 (16:42 +0000)
commitccbbd187b1b61c3d15a1e830fd598a435442d21a
tree09092340a67fa45c23f48ca58432e84aeb56fa88tree | snapshot
parent3911ee2c92b773064abaefe0ce08006e2bebd26dcommit | diff
Fix a stack overflow in mount_smbfs when hostname is too long.

The local hostname was blindly copied into the to the nn_name array.
When the hostname exceeded 16 bytes, it would overflow.  Truncate the
hostname to 15 bytes plus a 0 terminator which is the "workstation name"
suffix.

Use defensive strlcpy() when filling nn_name in all cases.

PR: 228354
Reported by: donald.buchholz@intel.com
Reviewed by: jpaetzel,  ian (prior version)
Discussed with: Security Officer (gtetlow)
MFC after: 3 days
Security: Stack overflow with the hostname.
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D15936
contrib/smbfs/lib/smb/ctx.c diff | blob | history
contrib/smbfs/lib/smb/nbns_rq.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.