From 65e8becbaaf3c8b50f85187283bfa36f06dbae2a Mon Sep 17 00:00:00 2001 From: des Date: Mon, 29 Apr 2013 20:15:43 +0000 Subject: [PATCH] Fix a bug that allows NFS clients to issue READDIR on files. PR: kern/178016 Security: CVE-2013-3266 Security: FreeBSD-SA-13:05.nfsserver Approved by: so git-svn-id: svn://svn.freebsd.org/base/stable/8@250058 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f --- sys/fs/nfsserver/nfs_nfsdport.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sys/fs/nfsserver/nfs_nfsdport.c b/sys/fs/nfsserver/nfs_nfsdport.c index 7d29b1d8c..25b0260d7 100644 --- a/sys/fs/nfsserver/nfs_nfsdport.c +++ b/sys/fs/nfsserver/nfs_nfsdport.c @@ -1569,6 +1569,8 @@ nfsrvd_readdir(struct nfsrv_descript *nd, int isdgram, nd->nd_repstat = NFSERR_BAD_COOKIE; #endif } + if (!nd->nd_repstat && vp->v_type != VDIR) + nd->nd_repstat = NFSERR_NOTDIR; if (nd->nd_repstat == 0 && cnt == 0) { if (nd->nd_flag & ND_NFSV2) /* NFSv2 does not have NFSERR_TOOSMALL */ -- 2.45.0