nfs_namei() should not return a non-null path buffer except on success,

even though the callers are apparently prepared to cope.

Fixes last tidyup part of PR 44625.
dholland 2011-08-08 16:04:07 +00:00
parent c5bd226919
commit ce8c87ef91
2 changed files with 49 additions and 17 deletions


@ -1,4 +1,4 @@
/* $NetBSD: nfs_serv.c,v 1.159 2011/04/18 00:38:33 dholland Exp $ */
/* $NetBSD: nfs_serv.c,v 1.160 2011/08/08 16:04:07 dholland Exp $ */
/*
* Copyright (c) 1989, 1993
@ -55,7 +55,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: nfs_serv.c,v 1.159 2011/04/18 00:38:33 dholland Exp $");
__KERNEL_RCSID(0, "$NetBSD: nfs_serv.c,v 1.160 2011/08/08 16:04:07 dholland Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@ -1911,7 +1911,9 @@ nfsrv_rename(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp, struct lwp *l
nfsm_srvwcc_data(tdirfor_ret, &tdirfor, tdiraft_ret, &tdiraft);
if (fdirp)
vrele(fdirp);
pathbuf_destroy(fromnd.ni_pathbuf);
if (fromnd.ni_pathbuf != NULL) {
pathbuf_destroy(fromnd.ni_pathbuf);
}
return (0);
}
if (fromnd.ni_dvp != fromnd.ni_vp) {
@ -2060,7 +2062,10 @@ out:
if (error == -1)
error = 0;
}
pathbuf_destroy(tond.ni_pathbuf);
if (tond.ni_pathbuf != NULL) {
pathbuf_destroy(tond.ni_pathbuf);
tond.ni_pathbuf = NULL;
}
tond.ni_cnd.cn_nameiop = 0;
out1:
if (fdirp) {
@ -2078,6 +2083,7 @@ out1:
tdirp = NULL;
}
pathbuf_destroy(fromnd.ni_pathbuf);
fromnd.ni_pathbuf = NULL;
fromnd.ni_cnd.cn_nameiop = 0;
localfs = NULL;
nfsm_reply(2 * NFSX_WCCDATA(v3));
@ -2095,14 +2101,20 @@ nfsmout:
vrele(tdirp);
#endif
if (tond.ni_cnd.cn_nameiop) {
pathbuf_destroy(tond.ni_pathbuf);
if (tond.ni_pathbuf != NULL) {
pathbuf_destroy(tond.ni_pathbuf);
tond.ni_pathbuf = NULL;
}
}
if (localfs) {
VFS_RENAMELOCK_EXIT(localfs);
}
if (fromnd.ni_cnd.cn_nameiop) {
VOP_ABORTOP(fromnd.ni_dvp, &fromnd.ni_cnd);
pathbuf_destroy(fromnd.ni_pathbuf);
if (fromnd.ni_pathbuf != NULL) {
pathbuf_destroy(fromnd.ni_pathbuf);
fromnd.ni_pathbuf = NULL;
}
vrele(fromnd.ni_dvp);
vrele(fvp);
}
@ -2189,7 +2201,10 @@ out1:
vrele(dirp);
}
vrele(vp);
pathbuf_destroy(nd.ni_pathbuf);
if (nd.ni_pathbuf != NULL) {
pathbuf_destroy(nd.ni_pathbuf);
nd.ni_pathbuf = NULL;
}
nfsm_reply(NFSX_POSTOPATTR(v3) + NFSX_WCCDATA(v3));
if (v3) {
nfsm_srvpostop_attr(getret, &at);
@ -2305,7 +2320,10 @@ out:
vrele(dirp);
dirp = NULL;
}
pathbuf_destroy(nd.ni_pathbuf);
if (nd.ni_pathbuf != NULL) {
pathbuf_destroy(nd.ni_pathbuf);
nd.ni_pathbuf = NULL;
}
abort = 0;
nfsm_reply(NFSX_SRVFH(&nsfh, v3) + NFSX_POSTOPATTR(v3) +
NFSX_WCCDATA(v3));
@ -2326,7 +2344,10 @@ nfsmout:
vput(nd.ni_dvp);
if (nd.ni_vp)
vrele(nd.ni_vp);
pathbuf_destroy(nd.ni_pathbuf);
if (nd.ni_pathbuf != NULL) {
pathbuf_destroy(nd.ni_pathbuf);
nd.ni_pathbuf = NULL;
}
}
if (dirp)
vrele(dirp);
@ -2374,6 +2395,7 @@ nfsrv_mkdir(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp, struct lwp *lw
if (error) {
if (nd.ni_pathbuf != NULL) {
pathbuf_destroy(nd.ni_pathbuf);
nd.ni_pathbuf = NULL;
}
nfsm_reply(NFSX_WCCDATA(v3));
nfsm_srvwcc_data(dirfor_ret, &dirfor, diraft_ret, &diraft);
@ -2419,7 +2441,10 @@ out:
vrele(dirp);
dirp = NULL;
}
pathbuf_destroy(nd.ni_pathbuf);
if (nd.ni_pathbuf != NULL) {
pathbuf_destroy(nd.ni_pathbuf);
nd.ni_pathbuf = NULL;
}
abort = 0;
nfsm_reply(NFSX_SRVFH(&nsfh, v3) + NFSX_POSTOPATTR(v3) +
NFSX_WCCDATA(v3));
@ -2444,7 +2469,10 @@ nfsmout:
vput(nd.ni_dvp);
if (nd.ni_vp)
vrele(nd.ni_vp);
pathbuf_destroy(nd.ni_pathbuf);
if (nd.ni_pathbuf != NULL) {
pathbuf_destroy(nd.ni_pathbuf);
nd.ni_pathbuf = NULL;
}
}
if (dirp)
vrele(dirp);
@ -2487,6 +2515,7 @@ nfsrv_rmdir(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp, struct lwp *lw
if (error) {
if (nd.ni_pathbuf != NULL) {
pathbuf_destroy(nd.ni_pathbuf);
nd.ni_pathbuf = NULL;
}
nfsm_reply(NFSX_WCCDATA(v3));
nfsm_srvwcc_data(dirfor_ret, &dirfor, diraft_ret, &diraft);
@ -2524,7 +2553,10 @@ out:
vput(nd.ni_dvp);
vput(vp);
}
pathbuf_destroy(nd.ni_pathbuf);
if (nd.ni_pathbuf != NULL) {
pathbuf_destroy(nd.ni_pathbuf);
nd.ni_pathbuf = NULL;
}
if (dirp) {
if (v3) {
diraft_ret = VOP_GETATTR(dirp, &diraft, cred);
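Review bot: In the `out1:` hunk of nfsrv_rename, `pathbuf_destroy(fromnd.ni_pathbuf);` is still called without the `!= NULL` guard that every other call site in this file gains in this commit. If the pointer cannot be NULL there because the first lookup succeeded, say so in a comment such as `/* fromnd lookup succeeded; ni_pathbuf is non-NULL here */`; otherwise wrap the call in `if (fromnd.ni_pathbuf != NULL) { ... }` as the `nfsmout:` path does. The early-return hunk in nfsrv_rename also destroys `fromnd.ni_pathbuf` without clearing it, which looks harmless because it returns immediately but breaks the destroy-then-clear pattern used elsewhere. These handlers process requests from NFS clients, and the cleanup labels are presumably reachable after an earlier destroy, so a stale pointer would mean a double free in the kernel. The enclosing functions start and end outside the hunks, so the control flow between labels could not be checked from this page.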


@ -1,4 +1,4 @@
/* $NetBSD: nfs_srvsubs.c,v 1.10 2011/04/11 01:33:05 dholland Exp $ */
/* $NetBSD: nfs_srvsubs.c,v 1.11 2011/08/08 16:04:07 dholland Exp $ */
/*
* Copyright (c) 1989, 1993
@ -70,7 +70,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: nfs_srvsubs.c,v 1.10 2011/04/11 01:33:05 dholland Exp $");
__KERNEL_RCSID(0, "$NetBSD: nfs_srvsubs.c,v 1.11 2011/08/08 16:04:07 dholland Exp $");
#include <sys/param.h>
#include <sys/proc.h>
@ -259,12 +259,12 @@ nfs_namei(struct nameidata *ndp, nfsrvfh_t *nsfh, uint32_t len, struct nfssvc_so
/*
* And call lookup() to do the real work
*
* Note: ndp->ni_pathbuf is left undestroyed; caller must
* clean it up.
* Note: ndp->ni_pathbuf is left undestroyed on success;
* caller must clean it up.
*/
error = lookup_for_nfsd(ndp, dp, neverfollow);
if (error) {
return (error);
goto out;
}
return 0;
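Review bot: The updated comment in nfs_namei states only the success half of the contract; it should also say what callers see on failure, for example `On error ndp->ni_pathbuf has been destroyed and set to NULL.` The `out:` label that `goto out;` now reaches lies outside this hunk, so it is not visible here whether it clears `ndp->ni_pathbuf` after destroying it. The new `!= NULL` guards in nfs_serv.c rely on that; if `out:` only destroys, those guards would pass a stale pointer to pathbuf_destroy().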