diff options
| author | Ian Dowse <iedowse@FreeBSD.org> | 2001-04-22 21:50:30 +0000 |
|---|---|---|
| committer | Ian Dowse <iedowse@FreeBSD.org> | 2001-04-22 21:50:30 +0000 |
| commit | f93caef239519d301f1771e0718b5e1615b7cb24 (patch) | |
| tree | 048b594e5c3a63c87ea3f27daddd50eafe65c2a3 /usr.sbin/mountd | |
| parent | fc89704c57d79231c204a9a3b0b2adb178b79ff1 (diff) | |
| download | src-f93caef239519d301f1771e0718b5e1615b7cb24.tar.gz src-f93caef239519d301f1771e0718b5e1615b7cb24.zip | |
When exporting a directory that is not a mountpoint, mountd repeatedly
removes the last path component until the mount() succeeds. However,
the code never checks if it has passed the mountpoint, so in some
cases where the mount() never succeeds, it can end up applying the
flags from a mounted filesystem to the underlying one.
Add a sanity check to the code which removes the last path component:
test that the fsid associated with the new path is the same as that
of the old one.
PR: bin/7872
Notes
Notes:
svn path=/head/; revision=75841
Diffstat (limited to 'usr.sbin/mountd')
| -rw-r--r-- | usr.sbin/mountd/mountd.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/usr.sbin/mountd/mountd.c b/usr.sbin/mountd/mountd.c index 303896c581f5..3726cba0e510 100644 --- a/usr.sbin/mountd/mountd.c +++ b/usr.sbin/mountd/mountd.c @@ -1734,6 +1734,7 @@ do_mount(ep, grp, exflags, anoncrp, dirp, dirplen, fsb) int dirplen; struct statfs *fsb; { + struct statfs fsb1; struct addrinfo *ai; struct export_args *eap; char *cp = NULL; @@ -1835,6 +1836,13 @@ do_mount(ep, grp, exflags, anoncrp, dirp, dirplen, fsb) } savedc = *cp; *cp = '\0'; + /* Check that we're still on the same filesystem. */ + if (statfs(dirp, &fsb1) != 0 || bcmp(&fsb1.f_fsid, + &fsb->f_fsid, sizeof(fsb1.f_fsid)) != 0) { + *cp = savedc; + syslog(LOG_ERR, "can't export %s", dirp); + return (1); + } } skip: if (ai != NULL) |