Bug 141733
| Summary: | buffer overflow in nfs mount when ip address too long | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Klochan Tibor <tklochan> | ||||
| Component: | util-linux | Assignee: | Steve Dickson <steved> | ||||
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Ben Levenson <benl> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | medium | ||||||
| Version: | rawhide | CC: | security-response-team | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | i686 | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2005-06-16 09:24:14 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
Steve, this one probably warrants an erratum for affected releases... Created attachment 107898 [details]
A patch the increase the input buffer size and protects against further buffer overruns
Fixed in util-linux-2.12a-19 Fixed and released. We can close it. |
From Bugzilla Helper: User-Agent: Mozilla/5.0 (compatible; Konqueror/3.3; Linux) (KHTML, like Gecko) Description of problem: The next comand failed : mount -t nfs 192.168.168.168:/ /mnt/u Version-Release number of selected component (if applicable): util-linux-2.12a-18 How reproducible: Always Steps to Reproduce: 1. mount -t nfs 192.168.168.200 /mnt/u Actual Results: *** buffer overflow detected *** Aborted (core dumped) Expected Results: should mount the nfs directory to the /mnt/u without error message Additional info: The problem is in the nfs4 patch, where in the nsfmount subroutine the declared cbuf size is too small (20 bytes) for longer ip addresses. FIX: Please increase it. FIX CHECK: After I increased the cbuf to 128 bytes there was no problem anymore.