[Acl-Devel] [FIX] nfsacl: Remote denial-of-service bug
Andreas Gruenbacher
agruen at suse.de
Wed Jan 12 14:09:43 CET 2005
Hello,
the sunrpc-multiple-programs patch, which is part of the nfsacl protocol
extension for 2.6 kernels, contains a bug that crashes the kernel nfs
deamon with a NULL pointer access when a client requests an unknown
program number. The incremental fix from Olaf Kirch is as follows:
Index: linux-2.6.5/net/sunrpc/svc.c
===================================================================
--- linux-2.6.5.orig/net/sunrpc/svc.c 2004-11-19 11:22:19.000000000 +0100
+++ linux-2.6.5/net/sunrpc/svc.c 2004-12-10 15:48:40.000000000 +0100
@@ -450,7 +450,7 @@ err_bad_auth:
err_bad_prog:
#ifdef RPC_PARANOIA
if (prog != 100227 || serv->sv_program->pg_prog != 100003)
- printk("svc: unknown program %d (me %d)\n", prog, progp->pg_prog);
+ printk("svc: unknown program %d (me %d)\n", prog, serv->sv_program->pg_prog);
/* else it is just a Solaris client seeing if ACLs are supported */
#endif
serv->sv_stats->rpcbadfmt++;
RECOMMENDATION TO UPGRADE
Please upgrade if you are using the 2.6-based nfsacl extensions.
The version found at http://acl.bestbits.at/nfsacl/2.6.9-rc2/ has
already been fixed.
Regards,
--
Andreas Gruenbacher <agruen at suse.de>
SUSE Labs, SUSE LINUX GMBH
More information about the acl-devel
mailing list