HomeFreeBSD

nfscl: Scan readdir reply filenames for invalid characters

Description

nfscl: Scan readdir reply filenames for invalid characters

The NFS RFCs are pretty loose with respect to what characters
can be in a filename returned by a Readdir. However, FreeBSD,
as a POSIX system will not handle imbedded '/' or nul characters
in file names. Also, for NFSv4, the file names "." and ".."
are handcrafted on the client and should not be returned by a
NFSv4 server.

This patch scans for the above in filenames returned by Readdir and
ignores any entry returned by Readdir which has them in it.
Because an imbedded nul would be a string terminator, it was
not possible to code this check efficiently using string(3)
functions.

Reported by: Apple Security Engineering and Architecture (SEAR)

(cherry picked from commit 026cdaa3b3a92574d9ac3155216e5cc0b0bd4c51)

Details

Provenance
rmacklemAuthored on Jul 21 2024, 10:56 PM
Parents
rG35bde8969eb6: pf tests: fix sctp:timeout test
Branches
Unknown
Tags
Unknown