diff mbox series

[5/5] support/nfs/exports.c - Small changes

Message ID 20241206221202.31507-6-christopherbii@hyub.org (mailing list archive)
State Handled Elsewhere
Headers show
Series nfs export symlink vulnerability fix (duplicate(ish)) | expand

Commit Message

Christopher Bii Dec. 6, 2024, 10:11 p.m. UTC
Signed-off-by: Christopher Bii <christopherbii@hyub.org>
---
 support/nfs/exports.c | 48 ++++++++++++++++++++++++-------------------
 1 file changed, 27 insertions(+), 21 deletions(-)
diff mbox series

Patch

diff --git a/support/nfs/exports.c b/support/nfs/exports.c
index 21ec6486..3c2d4d46 100644
--- a/support/nfs/exports.c
+++ b/support/nfs/exports.c
@@ -186,28 +186,34 @@  getexportent(int fromkernel)
 	}
 	ee.e_hostname = xstrdup(hostname);
 
-	if (parseopts(opt, &ee, NULL) < 0) {
-		if(ee.e_hostname)
-		{
-			xfree(ee.e_hostname);
-			ee.e_hostname=NULL;
-		}
-		if(ee.e_uuid)
-		{
-			xfree(ee.e_uuid);
-			ee.e_uuid=NULL;
-		}
+	if (parseopts(opt, &ee, NULL) < 0)
+                goto out;
 
-		return NULL;
-	}
 	/* resolve symlinks */
-	if (nfsd_realpath(ee.e_path, rpath) != NULL) {
-		rpath[sizeof (rpath) - 1] = '\0';
-		strncpy(ee.e_path, rpath, sizeof (ee.e_path) - 1);
-		ee.e_path[sizeof (ee.e_path) - 1] = '\0';
-	}
+	if (nfsd_realpath(ee.e_path, rpath) == NULL) {
+                xlog(L_ERROR, "nfsd_realpath(): unable to resolve path %s", ee.e_path);
+                goto out;
+        };
 
-	return &ee;
+        if (strlen(rpath) > sizeof(ee.e_path) - 1){
+                xlog(L_ERROR, "%s: export path %s exceeds limit(%lu)", __func__, rpath, sizeof(ee.e_path) - 1);
+                goto out;
+        };
+
+        strcpy(ee.e_path, rpath);
+        return &ee;
+
+out:
+        if (ee.e_hostname){
+                free(ee.e_hostname);
+                ee.e_hostname = NULL;
+        };
+        if (ee.e_uuid){
+                free(ee.e_uuid);
+                ee.e_uuid = NULL;
+        };
+
+        return NULL;
 }
 
 static const struct secinfo_flag_displaymap {
@@ -432,8 +438,8 @@  mkexportent(char *hname, char *path, char *options)
 		xlog(L_ERROR, "path name %s too long", path);
 		return NULL;
 	}
-	strncpy(ee.e_path, path, sizeof (ee.e_path));
-	ee.e_path[sizeof (ee.e_path) - 1] = '\0';
+	strcpy(ee.e_path, path);
+
 	if (parseopts(options, &ee, NULL) < 0)
 		return NULL;
 	return &ee;