aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDag-Erling Smørgrav <des@FreeBSD.org>2013-04-29 20:15:47 +0000
committerDag-Erling Smørgrav <des@FreeBSD.org>2013-04-29 20:15:47 +0000
commit2f4caafeea77fa3430dc555477f376c4057978f9 (patch)
treeacc0166588c8b102ccdd37ff21bbf637611e80f1
parent3b64df9a1f8e8fc579629f479e93d3890cf69f06 (diff)
downloadsrc-2f4caafeea77fa3430dc555477f376c4057978f9.tar.gz
src-2f4caafeea77fa3430dc555477f376c4057978f9.zip
Fix a bug that allows NFS clients to issue READDIR on files.
PR: kern/178016 Security: CVE-2013-3266 Security: FreeBSD-SA-13:05.nfsserver Approved by: so
Notes
Notes: svn path=/releng/8.3/; revision=250059
-rw-r--r--sys/fs/nfsserver/nfs_nfsdport.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/sys/fs/nfsserver/nfs_nfsdport.c b/sys/fs/nfsserver/nfs_nfsdport.c
index 4c0daa359295..fd7a993982d3 100644
--- a/sys/fs/nfsserver/nfs_nfsdport.c
+++ b/sys/fs/nfsserver/nfs_nfsdport.c
@@ -1568,6 +1568,8 @@ nfsrvd_readdir(struct nfsrv_descript *nd, int isdgram,
nd->nd_repstat = NFSERR_BAD_COOKIE;
#endif
}
+ if (!nd->nd_repstat && vp->v_type != VDIR)
+ nd->nd_repstat = NFSERR_NOTDIR;
if (nd->nd_repstat == 0 && cnt == 0) {
if (nd->nd_flag & ND_NFSV2)
/* NFSv2 does not have NFSERR_TOOSMALL */