Date:      Mon, 25 Jun 2018 16:43:18 +0000
From:      bugzilla-noreply@freebsd.org
To:        fs@FreeBSD.org
Subject:   [Bug 228354] mount_smbfs - long hostname causes stack overflow
Message-ID:  <bug-228354-3630-oXIzxEbbDm@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-228354-3630@https.bugs.freebsd.org/bugzilla/>
References:  <bug-228354-3630@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228354

--- Comment #12 from commit-hook@freebsd.org ---
A commit references this bug:

Author: brooks
Date: Mon Jun 25 16:42:50 UTC 2018
New revision: 335641
URL: https://svnweb.freebsd.org/changeset/base/335641

Log:
  Fix a stack overflow in mount_smbfs when hostname is too long.

  The local hostname was blindly copied into the nn_name array.
  When the hostname exceeded 16 bytes, it would overflow.  Truncate the
  hostname to 15 bytes plus a 0 terminator which is the "workstation name"
  suffix.

  Use defensive strlcpy() when filling nn_name in all cases.

  PR:           228354
  Reported by:  donald.buchholz@intel.com
  Reviewed by:  jpaetzel,  ian (prior version)
  Discussed with:       Security Officer (gtetlow)
  MFC after:    3 days
  Security:     Stack overflow with the hostname.
  Sponsored by: DARPA, AFRL
  Differential Revision:        https://reviews.freebsd.org/D15936

Changes:
  head/contrib/smbfs/lib/smb/ctx.c
  head/contrib/smbfs/lib/smb/nbns_rq.c

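An added example, not code from the FreeBSD commit or the smbfs sources: a bounded fill of a 16-byte name field as the log above describes, keeping at most 15 hostname bytes plus the 0 byte and reporting truncation. The struct, the function names and the guard field are hypothetical, and copy_bounded is a local stand-in with strlcpy() semantics for C libraries that lack strlcpy().

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_FIELD_LEN 16        /* assumed size of nn_name, per the commit log */
#define GUARD_VALUE 0x5AA55AA5u  /* constructed canary to show nothing is overrun */

/* Hypothetical stand-in for the structure that holds nn_name. */
struct nb_name_example {
    char nn_name[NAME_FIELD_LEN]; /* 15 name bytes + one 0 byte */
    unsigned int guard;           /* sits right after the array */
};

/* Local stand-in with strlcpy() semantics: copies at most dstsize - 1 bytes,
 * always terminates, and returns strlen(src) so truncation is detectable. */
static size_t copy_bounded(char *dst, const char *src, size_t dstsize)
{
    size_t srclen = strlen(src);

    if (dstsize != 0) {
        size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Fill the name field from a hostname. Returns 1 if it was truncated, else 0.
 * An unbounded copy here would write past nn_name for a long hostname. */
int fill_local_name(struct nb_name_example *nn, const char *hostname)
{
    nn->guard = GUARD_VALUE;
    memset(nn->nn_name, 0, sizeof(nn->nn_name));
    return copy_bounded(nn->nn_name, hostname, sizeof(nn->nn_name))
        >= sizeof(nn->nn_name);
}

int main(void)
{
    /* Constructed sample hostnames: one short, one longer than the field. */
    const char *samples[] = { "ws01", "build-host-with-a-long-name.example.org" };
    struct nb_name_example nn;

    for (size_t i = 0; i < 2; i++) {
        int cut = fill_local_name(&nn, samples[i]);
        printf("%-40s -> \"%s\" truncated=%d guard_ok=%d\n", samples[i],
            nn.nn_name, cut, nn.guard == GUARD_VALUE);
    }
    return 0;
}
```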