From 925374d4538beff4ffddc35f8f28ec92949edaff Mon Sep 17 00:00:00 2001
From: "Simon L. B. Nielsen" <simon@FreeBSD.org>
Date: Wed, 1 Mar 2006 14:17:32 +0000
Subject: [PATCH] Correct a remote kernel panic when processing zero-length RPC
 records via TCP. [06:10]

Security:	FreeBSD-SA-06:10.nfs
Approved by:	cperciva
---
 sys/nfsserver/nfs_srvsock.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys/nfsserver/nfs_srvsock.c b/sys/nfsserver/nfs_srvsock.c
index b17474c5047..50c7cbfaa79 100644
--- a/sys/nfsserver/nfs_srvsock.c
+++ b/sys/nfsserver/nfs_srvsock.c
@@ -592,7 +592,7 @@ nfsrv_getstream(struct nfssvc_sock *slp, int waitflag)
 			slp->ns_flag |= SLP_LASTFRAG;
 		else
 			slp->ns_flag &= ~SLP_LASTFRAG;
-		if (slp->ns_reclen > NFS_MAXPACKET) {
+		if (slp->ns_reclen > NFS_MAXPACKET || slp->ns_reclen <= 0) {
 			slp->ns_flag &= ~SLP_GETSTREAM;
 			return (EPERM);
 		}