Bug 191299
Summary: | CVE-2005-4798 nfs client: handle long symlinks properly | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 2.1 | Reporter: | Marcel Holtmann <holtmann> |
Component: | kernel | Assignee: | Don Howard <dhoward> |
Status: | CLOSED NOTABUG | QA Contact: | Brian Brock <bbrock> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 2.1 | CC: | security-response-team |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | impact=moderate,source=bugzilla,reported=20050925,public=20050925 | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2006-05-10 19:45:54 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Marcel Holtmann
2006-05-10 16:47:24 UTC
It looks like rhel2 gets this right: strlen = (u32*)res->buffer; /* Convert length of symlink */ len = ntohl(*strlen); if (len > res->bufsiz - 5) len = res->bufsiz - 5; *strlen = len; /* NULL terminate the string we got */ string = (char *)(strlen + 1); string[len] = 0; (nfs2/3 on pensacola and derry are all similar) |