Bug 669065 - Segfault in nfs-utils 1.2.3 - remote rpc.mountd crash possible
Alias: None
Product: Fedora
Classification: Fedora
Component: nfs-utils
Version: 14
Hardware: Unspecified
OS: Linux
Target Milestone: ---
Assignee: Steve Dickson
QA Contact: Fedora Extras Quality Assurance
Depends On:
Reported: 2011-01-12 15:43 UTC by sdrb
Modified: 2011-04-14 18:00 UTC

Fixed In Version: nfs-utils-1.2.3-5.fc14
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2011-02-03 20:24:41 UTC

Attachments
Patch for nfs-utils 1.2.3 for fixing segfault. (422 bytes, patch)
2011-01-12 15:43 UTC, sdrb

Description sdrb 2011-01-12 15:43:21 UTC
Created attachment 473061
Patch for nfs-utils 1.2.3 for fixing segfault.

Description of problem:
It is possible to crash rpc.mountd remotely.

Version-Release number of selected component (if applicable):

How reproducible:
Always while mounting nfs share using nfs v2 or v3.

Steps to Reproduce:

1. server# rpc.mountd -F -d all
2. host# showmount -a server
3. host# mount -t nfs server:/tmp/nfs /mnt/nfs2 -o nfsvers=3,nolock
4. host# umount /mnt/nfs2 
5. host# mount -t nfs server:/tmp/nfs /mnt/nfs2 -o nfsvers=3,nolock
6. host# showmount -a server

Actual results:

After spawning showmount for the second time (at step 6) - rpc.mountd crashes with segfault (on the nfs-server side).

Expected results:

Showmount should return list of mounted shares and rpc.mountd shouldn't crash.

Additional info:

After analysis of the nfs-utils source, I think the problem lies in the mountlist_list() procedure, where the "mlist" variable should be NULL-ed after the invocation of mountlist_freeall(mlist);
I attached a patch to fix it.

Can anyone confirm that this patch fixes it correctly?
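
A simplified model of the pattern described in the report above (a list pointer that persists between calls, is freed, and is then walked again), added here as an illustration. It is not the attached patch or nfs-utils source; `struct entry`, `cache`, `rebuild_list` and `list_length` are hypothetical names and the host names are constructed sample data.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified model of a cached mount list; not nfs-utils code. */
struct entry { char host[32]; struct entry *next; };
static struct entry *cache;   /* persists between calls, like a static "mlist" */

static void free_all(struct entry *m)
{
    while (m) {
        struct entry *next = m->next;
        free(m);
        m = next;
    }
}

/* Rebuild the cache from host names; returns the new head (NULL if empty). */
struct entry *rebuild_list(const char *const *hosts, size_t n)
{
    free_all(cache);
    cache = NULL;   /* the fix: otherwise the append loop walks freed nodes */
    for (size_t i = 0; i < n; i++) {
        struct entry **tail = &cache;
        while (*tail)                 /* walk the cached list to its end */
            tail = &(*tail)->next;
        struct entry *e = calloc(1, sizeof(*e));
        if (!e)
            break;
        strncpy(e->host, hosts[i], sizeof(e->host) - 1);
        *tail = e;
    }
    return cache;
}

size_t list_length(const struct entry *m)
{
    size_t n = 0;
    for (; m; m = m->next)
        n++;
    return n;
}

int main(void)
{
    const char *const first[]  = { "host-a" };            /* constructed sample */
    const char *const second[] = { "host-a", "host-b" };
    rebuild_list(first, 1);
    return list_length(rebuild_list(second, 2)) == 2 ? 0 : 1;
}
```

Building the version without the `cache = NULL;` line under `-fsanitize=address` reports a heap-use-after-free on the second call, which matches the second-request crash in the reproduction steps.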

Comment 1 Steve Dickson 2011-01-14 22:36:47 UTC
Fixed in nfs-utils-1.2.3-2.fc14

Comment 2 sdrb 2011-01-15 12:04:59 UTC
I've checked nfs-utils-1.2.3-2.fc14 and I'm afraid the problem still exists for me - I mean it is still possible to crash rpc.mountd remotely.

I've tested both: nfs-utils-1.2.3-2.fc14 binary package and recompiled src package several times and the reaction is the same - segfault.

Comment 3 sdrb 2011-01-25 14:37:03 UTC
I upgraded nfs-utils to the newest nfs-utils-1.2.3-4.fc14 and still buggy...

Comment 4 Steve Dickson 2011-01-25 16:16:40 UTC
Could you please try the nfs-utils in the following scratch build:

If it does fix the problem, I'll push it out asap... tia...

Comment 5 sdrb 2011-01-26 07:38:08 UTC
Yes - it fixes the bug - there is no segfault now.

I tested both: your binary nfs-utils-1.2.3-5 i686 package and recompiled on my own from your src.rpm.
Both of them work.
Thank you.

Comment 6 Fedora Update System 2011-01-26 12:47:40 UTC
nfs-utils-1.2.3-5.fc14 has been submitted as an update for Fedora 14.

Comment 7 Fedora Update System 2011-01-26 20:54:01 UTC
nfs-utils-1.2.3-5.fc14 has been pushed to the Fedora 14 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update nfs-utils'
You can provide feedback for this update here: https://admin.fedoraproject.org/updates/nfs-utils-1.2.3-5.fc14

Comment 8 Fedora Update System 2011-02-03 20:24:36 UTC
nfs-utils-1.2.3-5.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 9 syang 2011-04-14 18:00:38 UTC
I've a similar problem with nfs-utils-1.2.3-5.fc14 (x86_64). After a remote
nfs mount request from a client, the nfs-server will not even see
ssh requests let alone satisfying any mount request. There is no message
in /var/log/messages. I've tried this on 3 servers now, same result.
On one occasion, one of the servers was in the middle of a yum update
and the remote client mount request actually stopped net access for the yum.
Re-installed one of the servers to f13, and no more problem. Tried the
f13 nfs-utils on the f14 servers, no luck after a reboot. I even tried
the nfs-utils from f15, still no luck. Disabled "Defaultvers=3" in
etc/nfsmount.conf, still no luck. I do admit nfs-utils-1.2.3-5.fc14 used
to work with "Defaultvers=4" at the beginning with remote client nfs mount.
Now nfs requests are not successful with no error message. Before,
it may "timeout" from the "stuck" in an hour or so. Any suggestion besides
re-install to f13 ? Thanks in advance.
