From 02ef7f6810ead7446dc9ccf4b54caf1bb6183111 Mon Sep 17 00:00:00 2001
From: Matthew Dillon <dillon@dragonflybsd.org>
Date: Sat, 19 Jul 2008 04:44:15 +0000
Subject: [PATCH] MFC 1.25: O_CREAT was being allowed to leak through a
 read-only NFS export.

---
 sys/kern/vfs_nlookup.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/sys/kern/vfs_nlookup.c b/sys/kern/vfs_nlookup.c
index 5c15320844..422832caa4 100644
--- a/sys/kern/vfs_nlookup.c
+++ b/sys/kern/vfs_nlookup.c
@@ -31,7 +31,7 @@
  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  * 
- * $DragonFly: src/sys/kern/vfs_nlookup.c,v 1.24 2008/05/09 17:52:17 dillon Exp $
+ * $DragonFly: src/sys/kern/vfs_nlookup.c,v 1.24.2.1 2008/07/19 04:44:15 dillon Exp $
  */
 /*
  * nlookup() is the 'new' namei interface.  Rather then return directory and
@@ -455,8 +455,12 @@ nlookup(struct nlookupdata *nd)
 	for (xptr = ptr; *xptr == '/'; ++xptr)
 		;
 	if (*xptr == 0) {
-	    if (error == ENOENT && (nd->nl_flags & NLC_CREATE))
-		error = naccess(&nch, VCREATE, nd->nl_cred);
+	    if (error == ENOENT && (nd->nl_flags & NLC_CREATE)) {
+		if (nd->nl_flags & NLC_NFS_RDONLY)
+			error = EROFS;
+		else
+			error = naccess(&nch, VCREATE, nd->nl_cred);
+	    }
 	    if (error == 0 && wasdotordotdot && (nd->nl_flags & NLC_DELETE))
 		error = EINVAL;
 	}
-- 
2.41.0