--- a/usr/src/uts/common/fs/nfs/nfs_server.c Mon Jun 29 06:20:33 2009 -0700
+++ b/usr/src/uts/common/fs/nfs/nfs_server.c Mon Jun 29 11:32:01 2009 -0500
@@ -2009,8 +2009,8 @@
int anon_res = 0;
/*
- * Check for privileged port number
- * N.B.: this assumes that we know the format of a netbuf.
+ * Check for privileged port number
+ * N.B.: this assumes that we know the format of a netbuf.
*/
if (nfs_portmon) {
struct sockaddr *ca;
@@ -2259,6 +2259,31 @@
cs->access &= ~CS_ACCESS_LIMITED;
/*
+ * Check for privileged port number
+ * N.B.: this assumes that we know the format of a netbuf.
+ */
+ if (nfs_portmon) {
+ struct sockaddr *ca;
+ ca = (struct sockaddr *)svc_getrpccaller(req->rq_xprt)->buf;
+
+ if (ca == NULL)
+ return (0);
+
+ if ((ca->sa_family == AF_INET &&
+ ntohs(((struct sockaddr_in *)ca)->sin_port) >=
+ IPPORT_RESERVED) ||
+ (ca->sa_family == AF_INET6 &&
+ ntohs(((struct sockaddr_in6 *)ca)->sin6_port) >=
+ IPPORT_RESERVED)) {
+ cmn_err(CE_NOTE,
+ "nfs_server: client %s%ssent NFSv4 request from "
+ "unprivileged port",
+ client_name(req), client_addr(req, buf));
+ return (0);
+ }
+ }
+
+ /*
* Check the access right per auth flavor on the vnode of
* this export for the given request.
*/