lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Tue, 26 Sep 2006 09:17:26 -0400
From:	Valdis.Kletnieks@...edu
To:	Eric Sesterhenn <snakebyte@....de>
Cc:	linux-kernel@...r.kernel.org, chuck.lever@...cle.com
Subject: Re: [Patch] Possible dereference in fs/nfsd/nfs4callback.c

On Tue, 26 Sep 2006 12:30:59 +0200, Eric Sesterhenn said:

> we set cb->cb_client to NULL and pass it to rpc_shutdown_client() which dereferences it.
> The easy fix below.

>  out_clnt:
> -	rpc_shutdown_client(cb->cb_client);
> +	if (cb->cb_client)
> +		rpc_shutdown_client(cb->cb_client);

OK, I admit not knowing the NFS code well, but this one looks suspiciously
like "easy paper-over" rather than "easy fix".  Is there other cod elsewhere
that guards this case from ever actually happening?  If it *does* happen,
is it indicative of major borkage and we really should do something like:

	if (cb->cb_client)
		rpm_shutdown_client(cb->cb_client)
	else
		printk(KERN_ERR "Yowza - trashed NFS control structures...");

or even maybe a more drastic action (oops/panic)?

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ