nfs_commonsubs.c: Add a sanity check for nid_ngroup
ClosedPublic
Actions

Authored by rmacklem on Oct 28 2025, 12:29 AM.

Tags

None

Referenced Files

	Unknown Object (File)
	Mon, Feb 23, 9:31 PM

	Unknown Object (File)
	Sat, Feb 21, 6:27 AM

	Unknown Object (File)
	Sun, Feb 8, 11:28 AM

	Unknown Object (File)
	Sat, Feb 7, 7:07 PM

	Unknown Object (File)
	Sat, Jan 31, 11:21 AM

	Unknown Object (File)
	Jan 23 2026, 3:09 PM

	Unknown Object (File)
	Nov 25 2025, 8:21 PM

	Unknown Object (File)
	Nov 22 2025, 9:10 PM

View All 27 Files

Subscribers

imp

Details

Reviewers

emaste
markj

Commits

rG4672adcea4cf: nfs_commonsubs.c: Add a sanity check for nid_ngroup

Summary

The nfsuserd(8) daemon passes user credentials
(uid + gids) into the kernel for users and groups
identified by name (received from a NFSv4 server).

This patch add a sanity check for the number of
groups (nid_ngroup) passed in.

It's only purpose is to protect against a bogus
nfsuserd(8) running in a jail.

Test Plan

Only tested for a valid working nfsuserd(8) daemon.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

rmacklem created this revision.Oct 28 2025, 12:29 AM

Herald added a subscriber: imp. · View Herald TranscriptOct 28 2025, 12:29 AM

rmacklem requested review of this revision.Oct 28 2025, 12:29 AM

markj accepted this revision.Oct 28 2025, 1:10 PM

This revision is now accepted and ready to land.Oct 28 2025, 1:10 PM

Closed by commit rG4672adcea4cf: nfs_commonsubs.c: Add a sanity check for nid_ngroup (authored by rmacklem). · Explain WhyOct 28 2025, 2:47 PM

This revision was automatically updated to reflect the committed changes.

rmacklem added a commit: rG4672adcea4cf: nfs_commonsubs.c: Add a sanity check for nid_ngroup.

Revision Contents
Changeset List

Path

Size

sys/

fs/

nfs/

nfs_commonsubs.c

13 lines

Diff 165214

View Options

sys/fs/nfs/nfs_commonsubs.c

nfs_commonsubs.c: Add a sanity check for nid_ngroupClosedPublicActions