Bug#: 74070
Status: RESOLVED
Resolution: INVALID
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Sune Kloppenborg Jeppesen <jaervosz@gentoo.org>

Filename Description Type Creator Created Size
74070.patch Patch patch Tim Yamin (RETIRED) 2005-04-07 05:15 0000 525 bytes

Description:   Opened: 2004-12-11 00:47 0000
The sunrpc-multiple-programs patch, which is part of the nfsacl protocol
extension for 2.6 kernels, contains a bug that crashes the kernel nfs
daemon with a NULL pointer access when a client requests an unknown
program number. The incremental fix from Olaf Kirch (thanks) is as
follows:


Index: linux-2.6.5/net/sunrpc/svc.c
===================================================================
--- linux-2.6.5.orig/net/sunrpc/svc.c   2004-11-19 11:22:19.000000000 +0100
+++ linux-2.6.5/net/sunrpc/svc.c        2004-12-10 15:48:40.000000000 +0100
@@ -450,7 +450,7 @@ err_bad_auth:
 err_bad_prog:
 #ifdef RPC_PARANOIA
        if (prog != 100227 || serv->sv_program->pg_prog != 100003)
-               printk("svc: unknown program %d (me %d)\n", prog, progp->pg_prog);
+               printk("svc: unknown program %d (me %d)\n", prog, serv->sv_program->pg_prog);
        /* else it is just a Solaris client seeing if ACLs are supported */
 #endif
        serv->sv_stats->rpcbadfmt++;
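
Review bot: The printk under err_bad_prog has no rate limit and no log level, and per the report this path is reached whenever a client requests an unknown program number, so once the NULL dereference is gone any client can write to the kernel log as often as it likes. Consider guarding the message with net_ratelimit() and giving it an explicit level such as KERN_WARNING. The literals 100227 and 100003 in the condition above it would read better as named constants for the NFSACL and NFS program numbers, and since the removed line shows progp is not usable at this label, it is worth confirming nothing else on the error path still dereferences it.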


The version found at http://acl.bestbits.at/nfsacl/2.6.9-rc2/ includes
this fix. I will announce this on acl-devel@bestbits.at next week.

The 2.4 kernel patches are not affected.

------- Comment #1 From Thierry Carrez (RETIRED) 2005-01-13 04:21:37 0000 -------
Now public

------- Comment #2 From Adam Mondl (RETIRED) 2005-01-14 01:10:25 0000 -------
Fixed in ~x86 hardened-dev-sources-2.6.10-r2

------- Comment #3 From Daniel Drake 2005-01-19 03:43:46 0000 -------
gentoo-dev-sources is done
the patch is here: http://dev.gentoo.org/~dsd/gentoo-dev-sources/release-10.07/dist/1150_sunrpc-nfsacl.patch


------- Comment #4 From Thierry Carrez (RETIRED) 2005-03-16 03:16:44 0000 -------
Mass-Ccing kern-sec@gentoo.org to make sure Kernel Security guys know about all
of these...

------- Comment #5 From Tim Yamin (RETIRED) 2005-04-07 05:15:48 0000 -------
Created an attachment (id=55551)
Patch

------- Comment #6 From Tim Yamin (RETIRED) 2005-04-07 05:17:19 0000 -------
Following sources still need patching:

hppa-sources: Adding GMSoft...
mips-sources: Adding Kumba...
pegasos-sources: Adding dholm...
rsbac-sources: Adding kang...

------- Comment #7 From Guillaume Destuynder (RETIRED) 2005-04-08 02:37:55 0000 -------
rsbac-sources fixed in rsbac-sources-2.6.11-r2

------- Comment #8 From Joshua Kinard 2005-04-23 22:21:57 0000 -------
mips-sources fixed.

------- Comment #9 From Daniel Drake 2005-06-22 06:53:49 0000 -------
This patch can be dropped. It only applies to the multiple programs (Support
multiple program numbers on one RPC transport) functionality provided by the
nfsacl extension patches not yet merged upstream. Normal sunrpc users are not
affected.

------- Comment #10 From Tim Yamin (RETIRED) 2005-07-21 12:18:20 0000 -------
Closing bug as per comment #9.
