222249 – Kernel: NFS: Possible NULL pointer dereference in fs/nfs/super.c (GENERIC-MAP-NOMATCH)

Bug 222249 - Kernel: NFS: Possible NULL pointer dereference in fs/nfs/super.c (GENERIC-MAP-NOMATCH)

Summary: Kernel: NFS: Possible NULL pointer dereference in fs/nfs/super.c (GENERIC-MAP...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:	http://git.kernel.org/?p=linux/kernel...
Whiteboard:	[linux >=2.6.25 <2.6.26]
Keywords:

Depends on:
Blocks:

Reported:	2008-05-15 12:37 UTC by Gordon Malm (RETIRED)
Modified:	2013-09-05 03:14 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Gordon Malm (RETIRED) gentoo-dev

2008-05-15 12:37:01 UTC

There is possible NULL pointer dereference if kstr[n]dup failed.

http://www.gossamer-threads.com/lists/linux/kernel/906985
http://www.gossamer-threads.com/lists/linux/kernel/910259
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=63649bd7080a6a50fabcb1935f4b7c4e64155066

The latest Linux Kernel (2.6.25.3) is affected so previous kernels could be as well.

Reproducible: Always

Comment 1 Gordon Malm (RETIRED) gentoo-dev

2008-05-15 17:50:17 UTC

Only the part of the patch addressing nfs_server.export_path lead to a possible NULL ptr (the rest is just secure programming practice).
See: http://www.gossamer-threads.com/lists/linux/kernel/906343

That being the case, looks like only 2.6.25 is affected.  2.6.24 and prior use strncpy carefully to assign mntpath (nfs_server.export_path in 2.6.25) in nfs4_validate_mount_data.

Need a real programmer to check my statements for accuracy to be sure.