authorMarcel Telka <marcel.telka@nexenta.com>2013-11-20 21:43:21 +0100
committerRobert Mustacchi <rm@joyent.com>2013-11-22 14:34:13 -0800
commit7c9adcc5db714f9170fd80006e7c2b613f5b17db (patch)
treeae2e61bbc2b857f20dcddac94a970423301c9727
parent4bc1f5b268a3ca72608b1759f9a984f8e4b51651 (diff)
downloadillumos-joyent-7c9adcc5db714f9170fd80006e7c2b613f5b17db.tar.gz
4342 NULL pointer dereference in rfs4_op_setclientid()
Reviewed by: Dan McDonald <danmcd@nexenta.com> Reviewed by: Sebastien Roy <sebastien.roy@delphix.com> Approved by: Robert Mustacchi <rm@joyent.com>
-rw-r--r--usr/src/uts/common/fs/nfs/nfs4_srv.c22
1 files changed, 19 insertions, 3 deletions
diff --git a/usr/src/uts/common/fs/nfs/nfs4_srv.c b/usr/src/uts/common/fs/nfs/nfs4_srv.c
index d576ec9e0a..7cc71954b1 100644
--- a/usr/src/uts/common/fs/nfs/nfs4_srv.c
+++ b/usr/src/uts/common/fs/nfs/nfs4_srv.c
@@ -20,8 +20,8 @@
*/
/*
* Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
- * Copyright 2013 Nexenta Systems, Inc. All rights reserved.
* Copyright (c) 2012 by Delphix. All rights reserved.
+ * Copyright 2013 Nexenta Systems, Inc. All rights reserved.
*/
/*
@@ -7925,6 +7925,22 @@ out:
OPEN_DOWNGRADE4res *, resp);
}
+static void *
+memstr(const void *s1, const char *s2, size_t n)
+{
+ size_t l = strlen(s2);
+ char *p = (char *)s1;
+
+ while (n >= l) {
+ if (bcmp(p, s2, l) == 0)
+ return (p);
+ p++;
+ n--;
+ }
+
+ return (NULL);
+}
+
/*
* The logic behind this function is detailed in the NFSv4 RFC in the
* SETCLIENTID operation description under IMPLEMENTATION. Refer to
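Review bot: The new `memstr()` has no comment stating the contract that makes it safe where `strstr()` was not. Its callers pass a length-counted buffer from the client that need not be NUL-terminated, and the `while (n >= l)` guard means `s1` is never read when `n` is shorter than `strlen(s2)`, which covers a NULL `s1` with `n == 0`. I would put this above the definition: `/* Find the NUL-terminated string s2 in the n-byte buffer s1, which need not be NUL-terminated; s1 is not read when n < strlen(s2). Returns the first match or NULL. */`. As a smaller style point, `char *p = (char *)s1;` drops the const qualifier for the whole loop; `const char *p = s1;` with the cast only at `return ((void *)p);` keeps the scan read-only by type.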
@@ -7957,8 +7973,8 @@ retry:
/*
* Record if it is a Solaris client that cannot handle referrals.
*/
- if (strstr(args->client.id_val, "Solaris") &&
- !strstr(args->client.id_val, "+referrals")) {
+ if (memstr(args->client.id_val, "Solaris", args->client.id_len) &&
+ !memstr(args->client.id_val, "+referrals", args->client.id_len)) {
/* Add a "yes, it's downrev" record */
create = TRUE;
ci = rfs4_find_clntip(args->client.cl_addr, &create);
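Review bot: Both `memstr()` calls in this condition are safe only if `args->client.id_len` is 0 whenever `args->client.id_val` is NULL, and nothing in the hunk states or checks that. The decoder presumably guarantees it, but that code is not visible here. Writing the invariant down before the `if`, for example `ASSERT(args->client.id_val != NULL || args->client.id_len == 0);`, would catch a future change in how the argument is decoded on debug builds, before it becomes the same NULL dereference again. The enclosing rfs4_op_setclientid() starts and ends outside this hunk.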