[kernel] r14335 - in dists/lenny/linux-2.6/debian: . patches/bugfix/all patches/series
Ben Hutchings
benh at alioth.debian.org
Sun Oct 4 23:41:52 UTC 2009
Author: benh
Date: Sun Oct 4 23:41:51 2009
New Revision: 14335
Log:
nfs: Avoid overrun when copying client IP address string (Closes: #549002)
Added:
dists/lenny/linux-2.6/debian/patches/bugfix/all/fs-nfs-avoid-overrun-copying-client-ip.patch
Modified:
dists/lenny/linux-2.6/debian/changelog
dists/lenny/linux-2.6/debian/patches/series/20
Modified: dists/lenny/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny/linux-2.6/debian/changelog Sun Oct 4 23:37:40 2009 (r14334)
+++ dists/lenny/linux-2.6/debian/changelog Sun Oct 4 23:41:51 2009 (r14335)
@@ -11,6 +11,8 @@
(Closes: #544619)
* dm-snap: Fix crash when using both snapshot and origin volumes
(Closes: #545999)
+ * nfs: Avoid overrun when copying client IP address string
+ (Closes: #549002)
[ dann frazier ]
* autofs4: don't make expiring dentry negative, avoiding an oops
Added: dists/lenny/linux-2.6/debian/patches/bugfix/all/fs-nfs-avoid-overrun-copying-client-ip.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny/linux-2.6/debian/patches/bugfix/all/fs-nfs-avoid-overrun-copying-client-ip.patch Sun Oct 4 23:41:51 2009 (r14335)
@@ -0,0 +1,25 @@
+From: Ben Hutchings <ben at decadent.org.uk>
+Date: Sun, 04 Oct 2009 14:25:50 +0100
+Subject: [PATCH] nfs: Avoid overrun when copying client IP address string
+
+As seen in <http://bugs.debian.org/549002>, nfs4_init_client() can
+overrun the source string when copying the client IP address from
+nfs_parsed_mount_data::client_address to nfs_client::cl_ipaddr. Since
+these are both treated as null-terminated strings elsewhere, the copy
+should be done with strlcpy() not memcpy().
+
+Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
+---
+diff --git a/fs/nfs/client.c b/fs/nfs/client.c
+index 75c9cd2..f525a2f 100644
+--- a/fs/nfs/client.c
++++ b/fs/nfs/client.c
+@@ -1073,7 +1073,7 @@ static int nfs4_init_client(struct nfs_client *clp,
+ 1, flags & NFS_MOUNT_NORESVPORT);
+ if (error < 0)
+ goto error;
+- memcpy(clp->cl_ipaddr, ip_addr, sizeof(clp->cl_ipaddr));
++ strlcpy(clp->cl_ipaddr, ip_addr, sizeof(clp->cl_ipaddr));
+
+ error = nfs_idmap_new(clp);
+ if (error < 0) {
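Review bot: The return value of strlcpy() is discarded at the changed line in nfs4_init_client(), so an ip_addr string longer than cl_ipaddr would be truncated silently and the client would keep an incomplete address. Consider checking it, for example `if (strlcpy(clp->cl_ipaddr, ip_addr, sizeof(clp->cl_ipaddr)) >= sizeof(clp->cl_ipaddr))`, and leaving through the existing `goto error` path with a suitable error code, or say in the commit message where the length of client_address is already bounded. Separately, strlcpy() writes only up to the terminator, where the old memcpy() filled the whole field; that is fine as long as cl_ipaddr starts out zeroed and is only read as a string, which the message asserts but the hunk does not show.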
Modified: dists/lenny/linux-2.6/debian/patches/series/20
==============================================================================
--- dists/lenny/linux-2.6/debian/patches/series/20 Sun Oct 4 23:37:40 2009 (r14334)
+++ dists/lenny/linux-2.6/debian/patches/series/20 Sun Oct 4 23:41:51 2009 (r14335)
@@ -4,4 +4,5 @@
+ bugfix/parisc/ensure-tlb-purge-runs-single-threaded.patch
+ bugfix/all/virtio_balloon-fix-towards_target-when-deflating.patch
+ bugfix/all/dm-snapshot-fix-primary_pe-race.patch
++ bugfix/all/fs-nfs-avoid-overrun-copying-client-ip.patch
+ features/all/ftdi_sio-openrd.patch