nfsm_srvnamesiz() may set up an NFSERR_NAMETOL error, which nfsm_reply() would
authormiod <miod@openbsd.org>
Tue, 10 Sep 2024 18:44:04 +0000 (18:44 +0000)
committermiod <miod@openbsd.org>
Tue, 10 Sep 2024 18:44:04 +0000 (18:44 +0000)
commit8e9d9dd5c33e0e030dfe90398bf77e117da89540
treebcc61b1bf681baba8128bb9529dc40c17f10d9f4
parent9ea79117387896bdaec5eebc6843a41bfc840b9b
nfsm_srvnamesiz() may set up an NFSERR_NAMETOL error, which nfsm_reply() would
consider as not tragic enough to abort the operation, in order to batch error
replies.

This would end up invoking nfs_namei() using an uninitialized variable as
length, and Bad Things(TM) would happen.

Reported by Claes M Nyberg on bugs@; tweaks & ok claudio@
sys/nfs/nfs_serv.c