From nobody Fri Sep 27 22:19:48 2024 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4XFlJP016kz5XKM4; Fri, 27 Sep 2024 22:19:49 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4XFlJN69cZz4lpy; Fri, 27 Sep 2024 22:19:48 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1727475588; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=iTWKZgn8VkfO2ENLdRWG8rYB1pbzCNyPXn5Q16gNlI0=; b=H80QXd8oiyriFHs6KfgD4kqLVOv4xPFBgy014GM/xtdXNt9k8IWwENwY5TJSpAZBm0SpDj IqyFfl7wsSrx3w9GmlI9hIZadOurvvevhouvBS5LENCilLpXFaa0ndUYPzGDXRZiXExZIr 4WqaUDbbF2vRSKbdL9tRZRXBuVPvGdUkmebu4Iq7EUcqtsuzo2zKXnKB8x5o0toGITLAfY s1IPvN1NSoubYYQCTjUqzRPbPgKImh6e2PbyrEfIAqF9ZTu5aExNYdLGW+VCGEm+19EbrL 1SBh1wzJBDIdi8mlIcURVmg9mr1EjY+oDPrxkVgGS4s1GWGI/DmWj09/Ri1nzg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1727475588; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=iTWKZgn8VkfO2ENLdRWG8rYB1pbzCNyPXn5Q16gNlI0=; b=i9HgQTIgem02tNU/dRnomYO/H8Ib5fV9hc1wM/DKPCu/c5lreaDJNMLuL6s1NiiPfLZlb4 Axr9kEbdtQpFmYagOvS4jkAGCAOiBgf4FJrWL8FqeknHbNif353djzMk7NP5drt0i4x0l2 LuUWeJGjFhGprMM67fShuL2pieE7d44Qe/nGox+6K8EZcbcjNARdFMhcGjtsiB5iDyptDp k9VGE4voo4XWXyUgy8oUBHTLN1E2zBifV0yMd8nRzPb13R7402i9qXOMUesVnZ2GFAAe3e fhsCH77/mRhYSsxhXKYTzZf92YIYaPpZwvCy6m3QzPstGEJDMYmdgqs3/4T8kg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1727475588; a=rsa-sha256; cv=none; b=B7SZnF5WKvqm/oLP5a+2UUPUwHR4h+OxJcnhOLl4gelHdkZBwd5Mbev21PhauA8tvsIgv0 ZJD2SYyJGYkrv15//db+10/qYW0oWC4i5HXxL1iWodU4sdJaNjB9/jVAFQ07RURhjOtumw hC9i/MBs8P0gukLgWvVQ0LtTVWt0ExCmUDHqCDbJsc09dEXhr41FAhoyl9fsET91R/iypZ cvk21/QP91OT4xR/aKvXf/qtAbPAC709bq7BlNF09sUlA53v+0GSdKBJrLsKICJ2BNrtYL +SS3WDFk7bYKcO3Fv+Kh7ct37uEAeFsDlED01ngN57Ev7FYtwdPyygJmkBRINA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4XFlJN59KzzyN8; Fri, 27 Sep 2024 22:19:48 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 48RMJm9D039842; Fri, 27 Sep 2024 22:19:48 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 48RMJmmC039839; Fri, 27 Sep 2024 22:19:48 GMT (envelope-from git) Date: Fri, 27 Sep 2024 22:19:48 GMT Message-Id: <202409272219.48RMJmmC039839@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Rick Macklem Subject: git: 132f5d03d358 - stable/13 - mountd: Add check for "=" after exports(5) options List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: rmacklem X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 132f5d03d358d89d4030de9173cd6ca5b4b48d68 Auto-Submitted: auto-generated The branch stable/13 has been updated by rmacklem: URL: https://cgit.FreeBSD.org/src/commit/?id=132f5d03d358d89d4030de9173cd6ca5b4b48d68 commit 132f5d03d358d89d4030de9173cd6ca5b4b48d68 Author: Rick Macklem AuthorDate: 2024-09-06 23:41:12 +0000 Commit: Rick Macklem CommitDate: 2024-09-27 22:18:46 +0000 mountd: Add check for "=" after exports(5) options Some exports(5) options take a "=arg" component that provides an argument value for the option. Others do not. Without this patch, if "=arg" was provided for an option that did not take an argument value, the "=arg" was simply ignored. This could result in confusion w.r.t. what was being exported, as noted by the Problem Report. This patch adds a check for "=arg" for the options that do not take an argument value and fails the exports line if one is found. PR: 281003 (cherry picked from commit 3df987c99d1194a0e43a84853e934aa0c0ab09db) --- usr.sbin/mountd/mountd.c | 44 ++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 40 insertions(+), 4 deletions(-) diff --git a/usr.sbin/mountd/mountd.c b/usr.sbin/mountd/mountd.c index eba59ebf00a4..492d7a5e3647 100644 --- a/usr.sbin/mountd/mountd.c +++ b/usr.sbin/mountd/mountd.c @@ -2784,7 +2784,7 @@ do_opt(char **cpp, char **endcpp, struct exportlist *ep, struct grouplist *grp, { char *cpoptarg, *cpoptend; char *cp, *endcp, *cpopt, savedc, savedc2; - int allflag, usedarg; + int allflag, usedarg, fnd_equal; savedc2 = '\0'; cpopt = *cpp; @@ -2795,14 +2795,18 @@ do_opt(char **cpp, char **endcpp, struct exportlist *ep, struct grouplist *grp, while (cpopt && *cpopt) { allflag = 1; usedarg = -2; + fnd_equal = 0; if ((cpoptend = strchr(cpopt, ','))) { *cpoptend++ = '\0'; - if ((cpoptarg = strchr(cpopt, '='))) + if ((cpoptarg = strchr(cpopt, '='))) { *cpoptarg++ = '\0'; + fnd_equal = 1; + } } else { - if ((cpoptarg = strchr(cpopt, '='))) + if ((cpoptarg = strchr(cpopt, '='))) { *cpoptarg++ = '\0'; - else { + fnd_equal = 1; + } else { *cp = savedc; nextfield(&cp, &endcp); **endcpp = '\0'; @@ -2815,6 +2819,10 @@ do_opt(char **cpp, char **endcpp, struct exportlist *ep, struct grouplist *grp, } } if (!strcmp(cpopt, "ro") || !strcmp(cpopt, "o")) { + if (fnd_equal == 1) { + syslog(LOG_ERR, "= after op: %s", cpopt); + return (1); + } *exflagsp |= MNT_EXRDONLY; } else if (cpoptarg && (!strcmp(cpopt, "maproot") || !(allflag = strcmp(cpopt, "mapall")) || @@ -2853,15 +2861,31 @@ do_opt(char **cpp, char **endcpp, struct exportlist *ep, struct grouplist *grp, usedarg++; opt_flags |= OP_NET; } else if (!strcmp(cpopt, "alldirs")) { + if (fnd_equal == 1) { + syslog(LOG_ERR, "= after op: %s", cpopt); + return (1); + } opt_flags |= OP_ALLDIRS; } else if (!strcmp(cpopt, "public")) { + if (fnd_equal == 1) { + syslog(LOG_ERR, "= after op: %s", cpopt); + return (1); + } *exflagsp |= MNT_EXPUBLIC; } else if (!strcmp(cpopt, "webnfs")) { + if (fnd_equal == 1) { + syslog(LOG_ERR, "= after op: %s", cpopt); + return (1); + } *exflagsp |= (MNT_EXPUBLIC|MNT_EXRDONLY|MNT_EXPORTANON); opt_flags |= OP_MAPALL; } else if (cpoptarg && !strcmp(cpopt, "index")) { ep->ex_indexfile = strdup(cpoptarg); } else if (!strcmp(cpopt, "quiet")) { + if (fnd_equal == 1) { + syslog(LOG_ERR, "= after op: %s", cpopt); + return (1); + } opt_flags |= OP_QUIET; } else if (cpoptarg && !strcmp(cpopt, "sec")) { if (parsesec(cpoptarg, ep)) @@ -2869,10 +2893,22 @@ do_opt(char **cpp, char **endcpp, struct exportlist *ep, struct grouplist *grp, opt_flags |= OP_SEC; usedarg++; } else if (!strcmp(cpopt, "tls")) { + if (fnd_equal == 1) { + syslog(LOG_ERR, "= after op: %s", cpopt); + return (1); + } *exflagsp |= MNT_EXTLS; } else if (!strcmp(cpopt, "tlscert")) { + if (fnd_equal == 1) { + syslog(LOG_ERR, "= after op: %s", cpopt); + return (1); + } *exflagsp |= (MNT_EXTLS | MNT_EXTLSCERT); } else if (!strcmp(cpopt, "tlscertuser")) { + if (fnd_equal == 1) { + syslog(LOG_ERR, "= after op: %s", cpopt); + return (1); + } *exflagsp |= (MNT_EXTLS | MNT_EXTLSCERT | MNT_EXTLSCERTUSER); } else {