From nobody Fri Dec 10 00:57:39 2021
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 9EA2C18D45CB;
	Fri, 10 Dec 2021 00:57:40 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4J9CDh07R9z4dr5;
	Fri, 10 Dec 2021 00:57:40 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id D3BCF1132C;
	Fri, 10 Dec 2021 00:57:39 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 1BA0vdf7026970;
	Fri, 10 Dec 2021 00:57:39 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 1BA0vd3S026969;
	Fri, 10 Dec 2021 00:57:39 GMT
	(envelope-from git)
Date: Fri, 10 Dec 2021 00:57:39 GMT
Message-Id: <202112100057.1BA0vd3S026969@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Rick Macklem <rmacklem@FreeBSD.org>
Subject: git: 815a7affac83 - stable/13 - nfscl: Sanity check irdcnt in nfsrpc_createsession
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
Sender: owner-dev-commits-src-all@freebsd.org
X-BeenThere: dev-commits-src-all@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: rmacklem
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 815a7affac8314de7546c2083cc9a6acf414ee54
Auto-Submitted: auto-generated
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1639097860;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=qIn2uYHpvZikj247S3rvpL2h0Nm8ddcBhtL+vvixQBE=;
	b=aXZQhhKpM44aGBz/RznXYr9sDrnSmdTW5cRFmWKuLz+RreDTuZK8RrIaJj9X0au7fbLGYK
	MhAXZ+Fu0CJn1drcIE5FV+38DbZzvFyz265crPyyAZeIvJD/r03tA5pPMsc8hq7wxn0+kB
	MRs4IZKo5q1zzguCzFldIiX0Z7Nc23NvStYpSpWI2pZh3RlA5noUQa4M/KSz3HwziICF3t
	6iLbdGsllBtYxKk0HpnEEuS7jgnrbe1MDJTEhrzG4h8GxRo29ovs6n9PMv6gqXojqm9gfD
	EmnFHHhNkyNIbQL3qedC9hiYqwuXc97xMLFhD4dkG4O0dd97EvYs4cdd7J2y/g==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1639097860; a=rsa-sha256; cv=none;
	b=d3cSrlrdz2J+IqRPzxkE2jnAJzVSELVw5teZ+R1sKnDdzdO5kR5Uaa2jgY05psJIAft6Xi
	CkEcHwAfkcNRdhBR2BaiHiU1BTARiSx9FWP6ZbmILpN9RGJj1XUqiHS4ljdRHOpOgNOdSH
	Z672qhQzUsFM4omwnOTaYrkGoCy+FrkdCm53hlEmbOCXa4jZSkuGUV3nnn2oMYNUXUAcwn
	h4QtLZHTqJisLNtoeLYoHm1ic3ZNtc62FAYhlK+gqJr2d31ol2IKJExZBco14CVuTs5xtG
	+J0U4vy9dH7KjSm8j/f70vkAwDcJRXmx3RbmPTkpJ0llvVwt3rODXBxCFT+f8A==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
X-ThisMailContainsUnwantedMimeParts: N

The branch stable/13 has been updated by rmacklem:

URL: https://cgit.FreeBSD.org/src/commit/?id=815a7affac8314de7546c2083cc9a6acf414ee54

commit 815a7affac8314de7546c2083cc9a6acf414ee54
Author:     Rick Macklem <rmacklem@FreeBSD.org>
AuthorDate: 2021-11-26 23:28:40 +0000
Commit:     Rick Macklem <rmacklem@FreeBSD.org>
CommitDate: 2021-12-10 00:54:18 +0000

    nfscl: Sanity check irdcnt in nfsrpc_createsession
    
    PR:     259996
    
    (cherry picked from commit 22f7bcb523e7138248832fb304559c8f23276e08)
---
 sys/fs/nfsclient/nfs_clrpcops.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/sys/fs/nfsclient/nfs_clrpcops.c b/sys/fs/nfsclient/nfs_clrpcops.c
index b616cd729ab1..a87495da8568 100644
--- a/sys/fs/nfsclient/nfs_clrpcops.c
+++ b/sys/fs/nfsclient/nfs_clrpcops.c
@@ -4987,6 +4987,10 @@ nfsrpc_createsession(struct nfsmount *nmp, struct nfsclsession *sep,
 		sep->nfsess_foreslots = fxdr_unsigned(uint16_t, *tl++);
 		NFSCL_DEBUG(4, "fore slots=%d\n", (int)sep->nfsess_foreslots);
 		irdcnt = fxdr_unsigned(int, *tl);
+		if (irdcnt < 0 || irdcnt > 1) {
+			error = NFSERR_BADXDR;
+			goto nfsmout;
+		}
 		if (irdcnt > 0)
 			NFSM_DISSECT(tl, uint32_t *, irdcnt * NFSX_UNSIGNED);