From e47b21c860706bb6913ec478fd4cac499a93d232 Mon Sep 17 00:00:00 2001
From: Erwin Lansing
Date: Thu, 22 Dec 2005 21:02:12 +0000
Subject: The attached patch fixes a buffer overflow vulnerability and fixes building on FreeBSD 7.0. Furthermore nbd.h has been updated to a version from a newer Linux kernel. Requested by: remko
---
net/nbd-server/files/patch-nbd-server.c | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
create mode 100644 net/nbd-server/files/patch-nbd-server.c
(limited to 'net/nbd-server/files/patch-nbd-server.c')
diff --git a/net/nbd-server/files/patch-nbd-server.c b/net/nbd-server/files/patch-nbd-server.c
new file mode 100644
index 000000000000..383f8961562c
--- /dev/null
+++ b/net/nbd-server/files/patch-nbd-server.c
@@ -0,0 +1,26 @@
+diff -urN nbd-2.8.2.orig/nbd-server.c nbd-2.8.2/nbd-server.c
+--- nbd-2.8.2.orig/nbd-server.c Wed Nov 9 22:38:44 2005
++++ nbd-server.c Thu Dec 22 16:04:47 2005
+@@ -363,11 +363,11 @@
+ * is severely wrong)
+ **/
+ void sigchld_handler(int s) {
+- int* status=NULL;
++ int status;
+ int* i;
+ pid_t pid;
+
+- while((pid=wait(status)) > 0) {
++ while ((pid = waitpid(-1, &status, WNOHANG)) > 0) {
+ if(WIFEXITED(status)) {
+ msg3(LOG_INFO, "Child exited with %d", WEXITSTATUS(status));
+ }
+@@ -684,7 +684,7 @@
+
+ if (request.magic != htonl(NBD_REQUEST_MAGIC))
+ err("Not enough magic.");
+- if (len > BUFSIZE)
++ if (len > (BUFSIZE-sizeof(struct nbd_reply)))
+ err("Request too big!");
+ #ifdef DODBG
+ printf("%s from %Lu (%Lu) len %d, ", request.type ? "WRITE" :
-- cgit v1.2.3
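Review bot: The new bound `if (len > (BUFSIZE-sizeof(struct nbd_reply)))` in the second inner hunk does not say why the reply header size is subtracted, and it depends on an implicit conversion. The debug `printf` just below prints `len` with `%d`, which suggests a signed int; if so, a negative length is rejected only because `sizeof` converts the comparison to unsigned. I would make that explicit with `if (len < 0 || (size_t)len > BUFSIZE - sizeof(struct nbd_reply))` (dropping the `len < 0` part if `len` turns out to be unsigned), and add a comment such as `/* buf presumably holds struct nbd_reply followed by the payload, so the payload must leave room for the header */`, to be confirmed against the buffer's use outside the hunk. Separately, in `sigchld_handler` the `waitpid(-1, &status, WNOHANG)` loop can end on a failing call and overwrite `errno` for the interrupted code. Nothing visible between the declarations and the loop saves it, so `int saved_errno = errno;` at the top and `errno = saved_errno;` before returning would be worth adding. Both function bodies continue outside the inner hunks.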