ACK: Resubmit: [PATCH 0/1x2] [CVE-2011-4131] NFSv4: include bitmap in nfsv4 get acl data
Stefan Bader
stefan.bader at canonical.com
Wed May 2 09:23:46 UTC 2012
On 02.05.2012 00:49, Brad Figg wrote:
> The following two patches address this CVE for Oneiric and Natty. The CVE has
> been referred back to the security team for Lucid and Hardy.
>
>
> CVE-2011-4131
>
> BugLink: http://bugs.launchpad.net/bugs/893147
>
> The NFSv4 bitmap size is unbounded: a server can return an arbitrary
> sized bitmap in an FATTR4_WORD0_ACL request. Replace using the
> nfs4_fattr_bitmap_maxsz as a guess to the maximum bitmask returned by a server
> with the inclusion of the bitmap (xdr length plus bitmasks) and the acl data
> xdr length to the (cached) acl page data.
>
> This is a general solution to commit e5012d1f "NFSv4.1: update
> nfs4_fattr_bitmap_maxsz" and fixes hitting a BUG_ON in xdr_shrink_bufhead
> when getting ACLs.
>
> Fix a bug in decode_getacl that returned -EINVAL on ACLs > page when getxattr
> was called with a NULL buffer, preventing ACL > PAGE_SIZE from being retrieved.
>
>
Seems to be doing as claimed and to be following the same lines as upstream (not
always easy to follow).
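
The bounds handling the quoted commit message describes, as an added user-space example that is not the kernel patch or code from this thread: it finds the attribute data in a fattr4 reply body by reading the bitmap length from the wire and checking it against the bytes actually received, instead of assuming a maximum bitmap size. The function names, the simplified layout (bitmap4 followed directly by attrlist4) and the sample replies are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample replies (not captured traffic); 0x00001000 = FATTR4_WORD0_ACL. */
const uint8_t reply_one_word[] = {          /* 1 bitmap word, 8 data bytes */
    0,0,0,1,  0,0,0x10,0,  0,0,0,8,  1,2,3,4,5,6,7,8 };
const uint8_t reply_three_words[] = {       /* 3 bitmap words, 4 data bytes */
    0,0,0,3,  0,0,0x10,0, 0,0,0,0, 0,0,0,0,  0,0,0,4,  1,2,3,4 };
const uint8_t reply_hostile_count[] = {     /* word count far beyond the buffer */
    0xff,0xff,0xff,0xff,  0,0,0x10,0 };
const uint8_t reply_short_data[] = {        /* claims 256 data bytes, carries 4 */
    0,0,0,1,  0,0,0x10,0,  0,0,1,0,  1,2,3,4 };

/* Read one big-endian XDR uint32 at *off and advance; -1 if it would overrun. */
static int xdr_u32(const uint8_t *b, size_t len, size_t *off, uint32_t *out)
{
    if (*off > len || len - *off < 4)
        return -1;
    *out = (uint32_t)b[*off] << 24 | (uint32_t)b[*off + 1] << 16 |
           (uint32_t)b[*off + 2] << 8 | (uint32_t)b[*off + 3];
    *off += 4;
    return 0;
}

/*
 * fattr4 body: bitmap4 (uint32 nwords + nwords words), then attrlist4
 * (uint32 nbytes + data). Returns the data offset and sets *data_len,
 * or returns -1 if a length field exceeds what was received.
 */
long fattr4_data_offset(const uint8_t *b, size_t len, uint32_t *data_len)
{
    size_t off = 0;
    uint32_t nwords, nbytes;

    if (xdr_u32(b, len, &off, &nwords) || nwords > (len - off) / 4)
        return -1;                 /* bitmap is bounded by the reply itself */
    off += (size_t)nwords * 4;     /* data offset depends on the bitmap size */
    if (xdr_u32(b, len, &off, &nbytes) || nbytes > len - off)
        return -1;
    *data_len = nbytes;
    return (long)off;
}

int main(void)
{
    uint32_t n;
    return fattr4_data_offset(reply_three_words, sizeof reply_three_words, &n) == 20 ? 0 : 1;
}
```

The two valid replies put the data at different offsets (12 and 20), which is why a buffer sized from a guessed bitmap maximum can be wrong in either direction.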