diff options
| author |   naddy <naddy@openbsd.org> | 2020-08-06 17:57:32 +0000 |
|---|---|---|
| committer | naddy <naddy@openbsd.org> | 2020-08-06 17:57:32 +0000 |
| commit | 81321921aaa3a28c6d2eb415566ea5051bc25f52 (patch) | |
| tree | f48b81de16cd77cd25f372e4565ac59c6c595865 | |
| parent | timeout(9): fix miscellaneous remote kcov(4) bugs (diff) | |
| download | wireguard-openbsd-81321921aaa3a28c6d2eb415566ea5051bc25f52.tar.xz wireguard-openbsd-81321921aaa3a28c6d2eb415566ea5051bc25f52.zip | |
Avoid reading one byte before the path buffer.
This happens when there's only one component (e.g. "/foo"). This
bug has been present since June 1990 when it was commited to mountd.c
SCCS version 5.9.
Note: the bug is on the second changed line, the first line is changed
for visual consistency.
From CheriBSD via FreeBSD
ok millert@ deraadt@
| -rw-r--r-- | sbin/mountd/mountd.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/sbin/mountd/mountd.c b/sbin/mountd/mountd.c index 5a5ed87d024..1f4e5d40145 100644 --- a/sbin/mountd/mountd.c +++ b/sbin/mountd/mountd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mountd.c,v 1.88 2020/01/24 18:51:45 espie Exp $ */ +/* $OpenBSD: mountd.c,v 1.89 2020/08/06 17:57:32 naddy Exp $ */ /* $NetBSD: mountd.c,v 1.31 1996/02/18 11:57:53 fvdl Exp $ */ /* @@ -2021,9 +2021,9 @@ do_mount(struct exportlist *ep, struct grouplist *grp, int exflags, #endif } /* back up over the last component */ - while (*cp == '/' && cp > dirp) + while (cp > dirp && *cp == '/') cp--; - while (*(cp - 1) != '/' && cp > dirp) + while (cp > dirp && *(cp - 1) != '/') cp--; if (cp == dirp) { if (debug) |