diff options
| author | Dag-Erling Smørgrav <des@FreeBSD.org> | 2013-04-29 20:09:44 +0000 |
|---|---|---|
| committer | Dag-Erling Smørgrav <des@FreeBSD.org> | 2013-04-29 20:09:44 +0000 |
| commit | c93c82f464863400532af34d4ae5012145685097 (patch) | |
| tree | 2e1bc4056e3d8c719b5313d978e2cf8e7427e5fb /sys | |
| parent | 28228e08165aa9436b288cb70967de273df7af96 (diff) | |
| download | src-c93c82f464863400532af34d4ae5012145685097.tar.gz src-c93c82f464863400532af34d4ae5012145685097.zip | |
Fix a bug that allows NFS clients to issue READDIR on files.
PR: kern/178016
Security: CVE-2013-3266
Security: FreeBSD-SA-13:05.nfsserver
Notes
Notes:
svn path=/head/; revision=250055
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/fs/nfsserver/nfs_nfsdport.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/sys/fs/nfsserver/nfs_nfsdport.c b/sys/fs/nfsserver/nfs_nfsdport.c index 92c35b2c5274..84addccb4c54 100644 --- a/sys/fs/nfsserver/nfs_nfsdport.c +++ b/sys/fs/nfsserver/nfs_nfsdport.c @@ -1574,6 +1574,8 @@ nfsrvd_readdir(struct nfsrv_descript *nd, int isdgram, nd->nd_repstat = NFSERR_BAD_COOKIE; #endif } + if (!nd->nd_repstat && vp->v_type != VDIR) + nd->nd_repstat = NFSERR_NOTDIR; if (nd->nd_repstat == 0 && cnt == 0) { if (nd->nd_flag & ND_NFSV2) /* NFSv2 does not have NFSERR_TOOSMALL */ |