Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 23 Nov 2018 20:39:37 +0000 (UTC)
From:      Ed Maste <emaste@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject:   svn commit: r340853 - stable/11/sys/fs/nfs
Message-ID:  <201811232039.wANKdbh8054861@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: emaste
Date: Fri Nov 23 20:39:37 2018
New Revision: 340853
URL: https://svnweb.freebsd.org/changeset/base/340853

Log:
  MFC r340662 (rmacklem):
  
  nfsm_advance() would panic() when the offs argument was negative.
  The code assumed that this would indicate a corrupted mbuf chain, but
  it could simply be caused by bogus RPC message data.
  This patch replaces the panic() with a printf() plus error return.

Modified:
  stable/11/sys/fs/nfs/nfs_commonsubs.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/fs/nfs/nfs_commonsubs.c
==============================================================================
--- stable/11/sys/fs/nfs/nfs_commonsubs.c	Fri Nov 23 20:38:50 2018	(r340852)
+++ stable/11/sys/fs/nfs/nfs_commonsubs.c	Fri Nov 23 20:39:37 2018	(r340853)
@@ -360,10 +360,14 @@ nfsm_advance(struct nfsrv_descript *nd, int offs, int 
 	if (offs == 0)
 		goto out;
 	/*
-	 * A negative offs should be considered a serious problem.
+	 * A negative offs might indicate a corrupted mbuf chain and,
+	 * as such, a printf is logged.
 	 */
-	if (offs < 0)
-		panic("nfsrv_advance");
+	if (offs < 0) {
+		printf("nfsrv_advance: negative offs\n");
+		error = EBADRPC;
+		goto out;
+	}
 
 	/*
 	 * If left == -1, calculate it here.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201811232039.wANKdbh8054861>