[PATCH 0/2] [CVE-2012-2375] [PRECISE] More NFS ACL boundary checking

Brad Figg brad.figg at canonical.com
Thu May 31 16:54:41 UTC 2012


On 05/31/2012 09:48 AM, Tim Gardner wrote:
> On 05/31/2012 10:25 AM, Brad Figg wrote:
>> The fix for CVE-2011-4131 was not complete. A malicious NFS server could still
>> crash the clients when more than 2 GETATTR bitmap words are returned in
>> response to the FATTR4_ACL attribute request.
>>
>> Sachin Prabhu (2):
>>   Avoid reading past buffer when calling GETACL
>>   Avoid beyond bounds copy while caching ACL
>>
>>  fs/nfs/nfs4proc.c |   28 +++++++++++++++-------------
>>  fs/nfs/nfs4xdr.c  |   18 +++++++++++-------
>>  2 files changed, 26 insertions(+), 20 deletions(-)
>>
> 
> Did you somehow get the patch logs reversed? The commit log for '[PATCH
> 1/2] [CVE-2012-2375] [PRECISE] Avoid reading past buffer when calling
> GETACL' does not appear to be correct. It's certainly not the commit
> referenced below your s-o-b, e.g.,
> 5794d21ef4639f0e33440927bb903f9598c21e92 is for 'Avoid beyond bounds
> copy while caching ACL'.
> 
> rtg

Yes, that is exactly what I did. Will fix and resend.

-- 
Brad Figg brad.figg at canonical.com http://www.canonical.com
