Ack: Re: [PATCH 0/3] [CVE-2012-2375] [ONEIRIC] [NATTY] More NFS ACL boundary checking
Herton Ronaldo Krzesinski
herton.krzesinski at canonical.com
Thu May 31 17:50:05 UTC 2012
On Thu, May 31, 2012 at 10:01:17AM -0700, Brad Figg wrote:
> The fix for CVE-2011-4131 was not complete. A malicious NFS server could still
> crash the clients when more than 2 GETATTR bitmap words are returned in
> response to the FATTR4_ACL attribute request.
>
> Sachin Prabhu (2):
>   Avoid reading past buffer when calling GETACL
>   Avoid beyond bounds copy while caching ACL
>
> fs/nfs/nfs4proc.c | 28 +++++++++++++++-------------
> fs/nfs/nfs4xdr.c | 18 +++++++++++-------
> 2 files changed, 26 insertions(+), 20 deletions(-)
Ack, they just miss the buglinks (already spotted)
>
> --
> 1.7.9.5
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
>
--
[]'s
Herton