In mount.h, we have a #define MNAMELEN        80

and in struct statfs {} we have:

char    f_mntonname[MNAMELEN];  /* directory on which mounted */

but the kernel does not check whether the mount path is longer
than MNAMELEN, it just accepts it? It's impossible to umount(8)
it, because umount(8) does not like to unmount some device which
does not belong to the mountpoint.

--- vfs_syscalls.c      Sun Nov 26 03:30:05 2000
+++ vfs_syscalls.c.new  Thu Feb 15 18:22:13 2001
@@ -140,6 +140,8 @@
        /*
         * Get vnode to be covered
         */
+       if (strlen(SCARG(uap, path)) > MNAMELEN)
+               return (ENAMETOOLONG);
        NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_USERSPACE,
            SCARG(uap, path), p);
        if ((error = namei(&nd)) != 0)
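
Review bot: The strlen() in the added check dereferences SCARG(uap, path) directly, but the NDINIT call right below passes that same pointer with UIO_USERSPACE, so it is a user-space address that the kernel should copy in before reading. Copying the path into a kernel buffer of MNAMELEN bytes with copyinstr() would bound the read and return ENAMETOOLONG on overflow, and it would avoid checking one copy of the string while namei() later reads another. The bound is also off by one: `> MNAMELEN` still accepts a path of exactly MNAMELEN characters, which leaves no room for the terminating NUL in f_mntonname[MNAMELEN], so `>= MNAMELEN` is the matching test. As a style point, the new lines sit between the "Get vnode to be covered" comment and the NDINIT it describes; placing them above that comment with their own one-line comment would keep the existing comment accurate.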

Martin Blapp, [EMAIL PROTECTED]
------------------------------------------------
Improware AG, UNIX solution and service provider
Zurlindenstrasse 29, 4133 Pratteln, Switzerland
Phone: +41 79 370 26 05, Fax: +41 61 826 93 01
------------------------------------------------


