Bug 861888 - nfs-utils buffer overflow (similar to 485448)
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: nfs-utils
Version: 5.8
Hardware: x86_64
OS: Linux
Target Milestone: rc
Assignee: Steve Dickson
QA Contact: Red Hat Kernel QE team
Reported: 2012-10-01 09:04 UTC by Oz
Modified: 2014-02-05 21:47 UTC

Doc Type: Bug Fix
Last Closed: 2014-02-05 21:47:20 UTC

Description Oz 2012-10-01 09:04:15 UTC
Description of problem:
This bug is essentially similar to the one mentioned in the subject.

Version-Release number of selected component (if applicable):
The bug occurs on a clean install of RHEL 5.8 with nfs-utils-1.0.9-60.el5.x86_64.rpm.

How reproducible:
This occurs every time I try to mount an NFS partition from another Linux machine.
That machine offers:
rpcinfo -p 10.64.180.179 | grep nfs
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs


When I downgraded nfs-utils to a previous version, the mount command was successful. Here is an account of my actions, including the crash trace:

[root@rhel58 tmp]# rpm --force -i nfs-utils-1.0.9-44.el5.x86_64.rpm
warning: nfs-utils-1.0.9-44.el5.x86_64.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
[root@rhel58 tmp]# mount -o udp,nolock,ro 10.64.180.179:/viip /viip_client
[root@rhel58 tmp]# lsb_release -a

LSB Version:    :core-4.0-amd64:core-4.0-ia32:core-4.0-noarch:graphics-4.0-amd64:graphics-4.0-ia32:graphics-4.0-noarch:printing-4.0-amd64:printing-4.0-ia32:printing-4.0-noarch
Distributor ID: RedHatEnterpriseServer
Description:    Red Hat Enterprise Linux Server release 5.8 (Tikanga)
Release:        5.8
Codename:       Tikanga
[root@muclc6113 tmp]# rpm --force -i nfs-utils-1.0.9-60.el5.x86_64.rpm
warning: nfs-utils-1.0.9-60.el5.x86_64.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
[root@muclc6113 tmp]# mount -o udp,nolock,ro 10.64.180.179:/viip /viip_client
*** buffer overflow detected ***: /sbin/mount.nfs terminated
======= Backtrace: =========
/lib64/libc.so.6(__chk_fail+0x2f)[0x2b40dbcdc56f]
/sbin/mount.nfs[0x2b40db7c5b6c]
/sbin/mount.nfs[0x2b40db7c2dc6]
/sbin/mount.nfs(main+0x5b8)[0x2b40db7c3468]
/lib64/libc.so.6(__libc_start_main+0xf4)[0x2b40dbc11994]
/sbin/mount.nfs[0x2b40db7c2729]


**** 

I have also tried specifying UDP or TCP, or NFS v.2 or NFS v.3 (in all 4 possible combinations); the buffer overflow always happens.

Comment 1 Oz 2012-10-01 09:24:41 UTC
I looked at some more of the available nfs-utils versions; this bug also occurs with nfs-utils-1.0.9-54!

I must, unfortunately, downgrade to nfs-utils-1.0.9-50, the latest version where that bug does not occur.

Comment 2 Oz 2012-10-11 09:31:45 UTC
OK, I found out this bug is similar to this one:
https://bugzilla.redhat.com/show_bug.cgi?id=804681

I have enabled nfs version 3 on the server system and now my RHEL5.8 can mount nfs!

In /etc/sysconfig/nfs:
MOUNTD_NFS_V3="yes"

SIDE NOTE: the NFS server is a slightly modified RHEL55, NOT CentOS. All the packages including Kernel and nfs utils are RHEL55 compiled packages with exact md5sum for RHEL55.
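
Added example, not part of the original report or of nfs-utils: a client-side check for the server condition comment 2 describes, where nfs v3 is registered but mountd (RPC program 100005) does not offer version 3. The function name `mountd_v3_check` and both sample listings are constructed for illustration; real input is the unfiltered output of `rpcinfo -p <server>`.

```shell
#!/bin/sh
# mountd_v3_check (hypothetical name): reads `rpcinfo -p <server>` output on
# stdin and reports which mountd versions the server registers.
# Exit status: 0 mountd v3 present, 1 nfs v3 offered but mountd v3 missing
# (the state comment 2 fixed with MOUNTD_NFS_V3="yes"), 2 no mountd at all,
# 3 neither nfs v3 nor mountd v3.
mountd_v3_check() {
    awk '
        $1 == 100003 && $2 == 3 { nfs3 = 1 }                 # nfs, version 3
        $1 == 100005            { mountd = 1; vers[$2] = 1 } # mountd, any version
        END {
            if (!mountd) { print "no mountd registered"; exit 2 }
            list = ""
            for (v = 1; v <= 4; v++) if (v in vers) list = list " v" v
            if (3 in vers) { print "mountd offers" list ": ok"; exit 0 }
            if (nfs3) { print "nfs v3 offered but mountd only offers" list; exit 1 }
            print "mountd offers" list "; server has no nfs v3"; exit 3
        }'
}

# Constructed listing: server started with mountd v3 disabled.
SAMPLE_BROKEN='   program vers proto   port
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100005    1   udp    892  mountd
    100005    2   udp    892  mountd'

# Constructed listing: the same server after enabling mountd v3.
SAMPLE_FIXED="$SAMPLE_BROKEN
    100005    3   udp    892  mountd"

printf '%s\n' "$SAMPLE_BROKEN" | mountd_v3_check || true
printf '%s\n' "$SAMPLE_FIXED"  | mountd_v3_check
# Live use: rpcinfo -p 10.64.180.179 | mountd_v3_check
```

The check merges UDP and TCP registrations, so a server that offers mountd v3 on only one transport still reports ok.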

Comment 3 RHEL Program Management 2014-01-29 10:36:09 UTC
This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux release.  Product Management has
requested further review of this request by Red Hat Engineering, for
potential inclusion in a Red Hat Enterprise Linux release for currently
deployed products.  This request is not yet committed for inclusion in
a release.

Comment 4 RHEL Program Management 2014-02-05 21:47:20 UTC
Development Management has reviewed and declined this request.
You may appeal this decision by reopening this request.

