[Glibc-bsd-commits] r5461 - in branches/wheezy/kfreebsd-9/debian: . patches

stevenc-guest at alioth.debian.org stevenc-guest at alioth.debian.org
Wed Apr 9 00:01:17 UTC 2014


Author: stevenc-guest
Date: 2014-04-09 00:01:16 +0000 (Wed, 09 Apr 2014)
New Revision: 5461

Added:
   branches/wheezy/kfreebsd-9/debian/patches/SA-14_05.nfsserver.patch
Modified:
   branches/wheezy/kfreebsd-9/debian/changelog
   branches/wheezy/kfreebsd-9/debian/patches/series
Log:
Pick SVN 264285 from FreeBSD 9-STABLE to fix SA-14:05 / CVE-2014-1453:
Deadlock in the NFS server


Modified: branches/wheezy/kfreebsd-9/debian/changelog
===================================================================
--- branches/wheezy/kfreebsd-9/debian/changelog	2014-04-03 14:49:12 UTC (rev 5460)
+++ branches/wheezy/kfreebsd-9/debian/changelog	2014-04-09 00:01:16 UTC (rev 5461)
@@ -1,3 +1,11 @@
+kfreebsd-9 (9.0-10+deb70.7) UNRELEASED; urgency=high
+
+  * Team upload.
+  * Pick SVN 264285 from FreeBSD 9-STABLE to fix SA-14:05 / CVE-2014-1453:
+    Deadlock in the NFS server
+
+ -- Steven Chamberlain <steven at pyro.eu.org>  Tue, 08 Apr 2014 23:41:22 +0000
+
 kfreebsd-9 (9.0-10+deb70.6) stable; urgency=low
 
   * Disable VIA hardware RNG by default. Use hw.nehemiah_rng_enable

Added: branches/wheezy/kfreebsd-9/debian/patches/SA-14_05.nfsserver.patch
===================================================================
--- branches/wheezy/kfreebsd-9/debian/patches/SA-14_05.nfsserver.patch	                        (rev 0)
+++ branches/wheezy/kfreebsd-9/debian/patches/SA-14_05.nfsserver.patch	2014-04-09 00:01:16 UTC (rev 5461)
@@ -0,0 +1,75 @@
+Description:
+ Fix NFS deadlock vulnerability. [SA-14:05] (CVE-2014-1453)
+Origin: vendor, http://security.FreeBSD.org/patches/SA-14:05/nfsserver.patch
+Bug: http://security.FreeBSD.org/advisories/FreeBSD-SA-14:05.nfsserver.asc
+Bug-Debian: http://bugs.debian.org/743984
+Applied-Upstream: http://svnweb.freebsd.org/base?view=revision&revision=264285
+
+--- kfreebsd-9-9.0.orig/sys/fs/nfsserver/nfs_nfsdserv.c
++++ kfreebsd-9-9.0/sys/fs/nfsserver/nfs_nfsdserv.c
+@@ -1446,10 +1446,23 @@
+ 		nfsvno_relpathbuf(&fromnd);
+ 		goto out;
+ 	}
++	/*
++	 * Unlock dp in this code section, so it is unlocked before
++	 * tdp gets locked. This avoids a potential LOR if tdp is the
++	 * parent directory of dp.
++	 */
+ 	if (nd->nd_flag & ND_NFSV4) {
+ 		tdp = todp;
+ 		tnes = *toexp;
+-		tdirfor_ret = nfsvno_getattr(tdp, &tdirfor, nd->nd_cred, p, 0);
++		if (dp != tdp) {
++			NFSVOPUNLOCK(dp, 0);
++			tdirfor_ret = nfsvno_getattr(tdp, &tdirfor, nd->nd_cred,
++			    p, 0);	/* Might lock tdp. */
++		} else {
++			tdirfor_ret = nfsvno_getattr(tdp, &tdirfor, nd->nd_cred,
++			    p, 1);
++			NFSVOPUNLOCK(dp, 0);
++		}
+ 	} else {
+ 		tfh.nfsrvfh_len = 0;
+ 		error = nfsrv_mtofh(nd, &tfh);
+@@ -1470,10 +1483,12 @@
+ 			tnes = *exp;
+ 			tdirfor_ret = nfsvno_getattr(tdp, &tdirfor, nd->nd_cred,
+ 			    p, 1);
++			NFSVOPUNLOCK(dp, 0);
+ 		} else {
++			NFSVOPUNLOCK(dp, 0);
+ 			nd->nd_cred->cr_uid = nd->nd_saveduid;
+ 			nfsd_fhtovp(nd, &tfh, LK_EXCLUSIVE, &tdp, &tnes, NULL,
+-			    0, p);
++			    0, p);	/* Locks tdp. */
+ 			if (tdp) {
+ 				tdirfor_ret = nfsvno_getattr(tdp, &tdirfor,
+ 				    nd->nd_cred, p, 1);
+@@ -1488,7 +1503,7 @@
+ 		if (error) {
+ 			if (tdp)
+ 				vrele(tdp);
+-			vput(dp);
++			vrele(dp);
+ 			nfsvno_relpathbuf(&fromnd);
+ 			nfsvno_relpathbuf(&tond);
+ 			goto out;
+@@ -1503,7 +1518,7 @@
+ 		}
+ 		if (tdp)
+ 			vrele(tdp);
+-		vput(dp);
++		vrele(dp);
+ 		nfsvno_relpathbuf(&fromnd);
+ 		nfsvno_relpathbuf(&tond);
+ 		goto out;
+@@ -1512,7 +1527,7 @@
+ 	/*
+ 	 * Done parsing, now down to business.
+ 	 */
+-	nd->nd_repstat = nfsvno_namei(nd, &fromnd, dp, 1, exp, p, &fdirp);
++	nd->nd_repstat = nfsvno_namei(nd, &fromnd, dp, 0, exp, p, &fdirp);
+ 	if (nd->nd_repstat) {
+ 		if (nd->nd_flag & ND_NFSV3) {
+ 			nfsrv_wcc(nd, fdirfor_ret, &fdirfor, fdiraft_ret,
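Review bot: The two `vput(dp)` → `vrele(dp)` changes and the `nfsvno_namei(nd, &fromnd, dp, 0, ...)` call in the embedded nfs_nfsdserv.c patch are only correct if every path reaching them has already run `NFSVOPUNLOCK(dp, 0)`, and nothing at those sites states or checks that. The visible branches (NFSv4 with `dp != tdp` and with `dp == tdp`, and both arms of the non-v4 branch) each unlock dp, but the lines between the first and second inner hunk are not shown. If there is an error exit right after `nfsrv_mtofh()`, it would still hold the dp lock and would need to keep releasing it with `vput`. I would add a comment at the first `vrele(dp)`, e.g. `/* dp was unlocked above, before tdp was locked */`, and place `ASSERT_VOP_UNLOCKED(dp, "dp still locked");` before the `nfsvno_namei` call, so that on kernels built with vnode lock debugging a regression of this lock-order fix fails immediately rather than resurfacing as a deadlock of the NFS server. The enclosing function starts and ends outside the hunks, and since the patch is taken from 9-STABLE and applied to the 9.0 tree, it is worth confirming that all five hunks apply without fuzz.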

Modified: branches/wheezy/kfreebsd-9/debian/patches/series
===================================================================
--- branches/wheezy/kfreebsd-9/debian/patches/series	2014-04-03 14:49:12 UTC (rev 5460)
+++ branches/wheezy/kfreebsd-9/debian/patches/series	2014-04-09 00:01:16 UTC (rev 5461)
@@ -18,6 +18,7 @@
 disable_via_rng.diff
 EN-14_02.mmap.patch
 fix_lseek_zfs.diff
+SA-14_05.nfsserver.patch
 
 # Other patches that might or might not be mergeable
 001_misc.diff



