lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20080103093048.GA16803@elte.hu>
Date:	Thu, 3 Jan 2008 10:30:48 +0100
From:	Ingo Molnar <mingo@...e.hu>
To:	Trond Myklebust <Trond.Myklebust@...app.com>
Cc:	Linus Torvalds <torvalds@...ux-foundation.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	linux-kernel@...r.kernel.org, linux-nfs@...r.kernel.org
Subject: Re: [GIT] More NFS client fixes for 2.6.24-rc6


* Trond Myklebust <Trond.Myklebust@...app.com> wrote:

> commit 53478daff2c8b494d2af1ede6611f166f81bc393
> Author: Trond Myklebust <Trond.Myklebust@...app.com>
> Date:   Wed Jan 2 13:28:57 2008 -0500
> 
>     NFS: Fix a possible Oops in fs/nfs/super.c
>     
>     Sigh... commit 4584f520e1f773082ef44ff4f8969a5d992b16ec (NFS: Fix NFS
>     mountpoint crossing...) had a slight flaw: server can be NULL if sget()
>     returned an existing superblock.
>     
>     Fix the fix by dereferencing s->s_fs_info.
>     
>     Also add in the same namespace Oops fix for NFSv4 in both the mountpoint
>     crossing case, and the referral case.
>     
>     Signed-off-by: Trond Myklebust <Trond.Myklebust@...app.com>

shouldnt this commit have included the full credit of the bugfix:

  http://bugzilla.kernel.org/show_bug.cgi?id=9647

  ------------>
  Description From Adrian Bunk 2007-12-27 12:36

  The Coverity checker spotted that commit
  4584f520e1f773082ef44ff4f8969a5d992b16ec introduced the following NULL
  dereference in 2.6.24-rc6:

  <--  snip  -->
         if (s->s_fs_info != server) {
                 nfs_free_server(server);
                 server = NULL;     <---------------
         }

  ------- Comment #1 From Adrian Bunk 2007-12-27 12:37:42 -------
  The NULL dereference is at the 
  server->nfs_client->rpc_ops->dir_inode_ops.
  <--------------

	Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ