HomeFreeBSD
Diffusion FreeBSD src repository - subversion rS335774

MFC r335641:
rS335774
Actions

Description

MFC r335641:

Fix a stack overflow in mount_smbfs when hostname is too long.

The local hostname was blindly copied into the to the nn_name array.
When the hostname exceeded 16 bytes, it would overflow. Truncate the
hostname to 15 bytes plus a 0 terminator which is the "workstation name"
suffix.

Use defensive strlcpy() when filling nn_name in all cases.

PR: 228354
Reported by: donald.buchholz@intel.com
Reviewed by: jpaetzel, ian (prior version)
Discussed with: Security Officer (gtetlow)
Security: Stack overflow with the hostname.
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D15936

Details

Provenance
brooksAuthored on
Reviewer
jpaetzel
Differential Revision
D15936: Fix a stack overflow in mount_smbfs when hostname is too long.
Parents
rS335773: Revert preference to be an int.
Branches
Unknown
Tags
Unknown

Changes (3)

PathSize
stable/
11/
contrib/
smbfs/
lib/
smb/

rS335774

View Options

stable/11/

Loading...
View Options

stable/11/contrib/smbfs/lib/smb/ctx.c

Loading...
View Options

stable/11/contrib/smbfs/lib/smb/nbns_rq.c

Loading...