artulab
projects / openbsd / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 145d14d)
the domainname is under root control, but because we are producing a path
authorderaadt <deraadt@openbsd.org>
Mon, 18 Jul 2022 04:42:37 +0000 (04:42 +0000)
committerderaadt <deraadt@openbsd.org>
Mon, 18 Jul 2022 04:42:37 +0000 (04:42 +0000)
inside ypconnect(), it is best if we prevent "../" problems.  so reject
domainnames containing '/.
discussed with jca

sys/kern/uipc_syscalls.c patch | blob | history

diff --git a/sys/kern/uipc_syscalls.c b/sys/kern/uipc_syscalls.c
index 946ba12..617026e 100644 (file)
--- a/sys/kern/uipc_syscalls.c
+++ b/sys/kern/uipc_syscalls.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: uipc_syscalls.c,v 1.198 2022/07/18 03:02:05 deraadt Exp $     */
+/*     $OpenBSD: uipc_syscalls.c,v 1.199 2022/07/18 04:42:37 deraadt Exp $     */
 /*     $NetBSD: uipc_syscalls.c,v 1.19 1996/02/09 19:00:48 christos Exp $      */
 
 /*
@@ -1331,7 +1331,7 @@ sys_ypconnect(struct proc *p, void *v, register_t *retval)
        } __packed data;
        struct sockaddr_in ypsin;
 
-       if (!domainname[0])
+       if (!domainname[0] || strchr(domainname, '/'))
                return EAFNOSUPPORT;
 
        switch (SCARG(uap, type)) {
OpenBSD src
by Ahmet Artu Yildirim