On Wed, Jan 12, 2022 at 11:30:44AM +0100, Moritz Buhl wrote: > Hi tech@, > > https://github.com/openbsd/src/commit/0ea6bae06233cd25645df14602c3eda6bdff7dca.patch > > the patch forgot to add mrep to the info struct, nfsm_dissect could > pass info.nmi_mrep to m_freem, which is currently uninitialized > stack memory. > > Index: sys/nfs/nfs_subs.c > =================================================================== > RCS file: /mount/openbsd/cvs/src/sys/nfs/nfs_subs.c,v > retrieving revision 1.145 > diff -u -p -r1.145 nfs_subs.c > --- sys/nfs/nfs_subs.c 11 Jan 2022 03:13:59 -0000 1.145 > +++ sys/nfs/nfs_subs.c 12 Jan 2022 09:31:52 -0000 > @@ -1841,6 +1841,7 @@ nfsm_srvsattr(struct mbuf **mp, struct v > > info.nmi_md = *mp; > info.nmi_dpos = *dposp; > + info.nmi_mrep = mrep; > > nfsm_dissect(tl, u_int32_t *, NFSX_UNSIGNED); > if (*tl == nfs_true) { >
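Review bot: the added `info.nmi_mrep = mrep;` in nfsm_srvsattr() fixes this one function, but `info` is still filled member by member right before nfsm_dissect(), so the same omission can recur whenever a member is added or another function is converted. Consider zeroing the struct before the three assignments, so that a forgotten member is NULL rather than leftover stack contents when the error path hands it to m_freem. It is also worth checking the other functions touched by the referenced commit for the same missing nmi_mrep assignment, and confirming that `mrep` is what this function's caller expects to be freed on a failed dissect, since the hunk header truncates the parameter list and the declaration is not visible here.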
OK stsp@ (without assuming any responsibility for NFS)