Debian Bug report logs - #549002
linux-image-2.6.26-2-xen-amd64: Kernel Oops - autofs5 nfs4 mount


Package: linux-image-2.6.26-2-xen-amd64; Maintainer for linux-image-2.6.26-2-xen-amd64 is (unknown);

Reported by: Christian Salzmann <[email protected]>

Date: Wed, 30 Sep 2009 09:39:03 UTC

Severity: important

Tags: patch, upstream

Found in version linux-2.6/2.6.26-19

Fixed in versions linux-2.6/2.6.31-1~experimental.2, linux-2.6/2.6.26-20

Done: dann frazier <[email protected]>

Bug is archived. No further changes may be made.

Subject: Bug#549002: [PATCH] nfs: Avoid overrun when copying client IP address string
From: Trond Myklebust <[email protected]>
To: Ben Hutchings <[email protected]>
Cc: [email protected], [email protected]
Date: Sun, 04 Oct 2009 18:33:16 -0400
On Sun, 2009-10-04 at 14:25 +0100, Ben Hutchings wrote:
> As seen in <http://bugs.debian.org/549002>, nfs4_init_client() can
> overrun the source string when copying the client IP address from
> nfs_parsed_mount_data::client_address to nfs_client::cl_ipaddr.  Since
> these are both treated as null-terminated strings elsewhere, the copy
> should be done with strlcpy() not memcpy().
> 
> Signed-off-by: Ben Hutchings <[email protected]>
> ---
> diff --git a/fs/nfs/client.c b/fs/nfs/client.c
> index 75c9cd2..f525a2f 100644
> --- a/fs/nfs/client.c
> +++ b/fs/nfs/client.c
> @@ -1073,7 +1073,7 @@ static int nfs4_init_client(struct nfs_client *clp,
>  				      1, flags & NFS_MOUNT_NORESVPORT);
>  	if (error < 0)
>  		goto error;
> -	memcpy(clp->cl_ipaddr, ip_addr, sizeof(clp->cl_ipaddr));
> +	strlcpy(clp->cl_ipaddr, ip_addr, sizeof(clp->cl_ipaddr));
>  
>  	error = nfs_idmap_new(clp);
>  	if (error < 0) {
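
Review bot: The return value of strlcpy() on the added line is discarded, so an ip_addr longer than sizeof(clp->cl_ipaddr) - 1 is silently truncated and setup continues with a shortened address string. strlcpy() returns the length of the source, so comparing that against sizeof(clp->cl_ipaddr) and taking the existing `goto error` path when it does not fit would make the case visible; if the length is already bounded before this point, a one-line comment saying so would be enough. The change also depends on ip_addr being NUL-terminated, as the commit message states, because strlcpy() walks the source to its terminator.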

It looks good, so I'll push it upstream. I assume the bug report also
applies to [email protected]?

Thanks!

  Trond
-- 
Trond Myklebust
Linux NFS client maintainer

NetApp
[email protected]
www.netapp.com
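
The overrun described in the commit message, as an added userspace illustration (not code from this thread or from the kernel): a fixed-size memcpy() carries over whatever lies past the source string's terminator, while a strlcpy()-style copy stops at the NUL and reports truncation. `IPADDR_LEN`, `bounded_copy`, `checked_copy`, `leaked_bytes` and the sample addresses are assumptions made for the demonstration.

```c
#include <stdio.h>
#include <string.h>

#define IPADDR_LEN 48 /* assumed size, stands in for sizeof(clp->cl_ipaddr) */

/* Userspace stand-in for strlcpy(): copies at most size-1 bytes, always
 * NUL-terminates when size > 0, and returns strlen(src). */
static size_t bounded_copy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size > 0) {
        size_t n = len < size - 1 ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

/* Hypothetical caller-side check: -1 when src did not fit and was truncated. */
static int checked_copy(char *dst, size_t size, const char *src)
{
    return bounded_copy(dst, src, size) >= size ? -1 : 0;
}

/* Counts bytes from beyond the source string's terminator that end up in dst.
 * The source sits inside a full-size array so the fixed-size read stays in
 * bounds here; in the case the patch describes, the read runs past the source. */
static size_t leaked_bytes(int use_memcpy)
{
    char region[IPADDR_LEN], dst[IPADDR_LEN] = {0};
    size_t i, leaked = 0;
    memset(region, 'S', sizeof(region)); /* 'S' marks neighbouring data */
    strcpy(region, "192.0.2.10");        /* constructed sample address */
    if (use_memcpy)
        memcpy(dst, region, sizeof(dst));       /* pre-patch pattern */
    else
        bounded_copy(dst, region, sizeof(dst)); /* post-patch pattern */
    for (i = strlen(dst) + 1; i < sizeof(dst); i++)
        leaked += (dst[i] == 'S');
    return leaked;
}

int main(void)
{
    char small[8];
    printf("stray bytes: memcpy=%zu bounded=%zu\n", leaked_bytes(1), leaked_bytes(0));
    printf("truncated: %d\n", checked_copy(small, sizeof(small), "2001:db8::1"));
    return 0;
}
```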



