| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 14 Mar 2011 15:35:01 -0400 From: "J. Bruce Fields" <bfields@...ldses.org> To: Mi Jinlong <mijinlong@...fujitsu.com> Cc: Andrew Morton <akpm@...ux-foundation.org>, roel <roel.kluin@...il.com>, Neil Brown <neilb@...e.de>, linux-nfs@...r.kernel.org, LKML <linux-kernel@...r.kernel.org> Subject: Re: [PATCH] nfsd: wrong index used in inner loop On Fri, Mar 11, 2011 at 11:52:14AM +0800, Mi Jinlong wrote: > > > J. Bruce Fields: > > On Wed, Mar 09, 2011 at 03:42:30PM -0800, Andrew Morton wrote: > >> On Tue, 08 Mar 2011 22:32:26 +0100 > >> roel <roel.kluin@...il.com> wrote: > >> > >>> Index i was already used in the outer loop > >>> > >>> Signed-off-by: Roel Kluin <roel.kluin@...il.com> > >>> --- > >>> fs/nfsd/nfs4xdr.c | 4 ++-- > >>> 1 files changed, 2 insertions(+), 2 deletions(-) > >>> > >>> Not 100% sure this one is needed but it looks suspicious. > >>> > >>> diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c > >>> index 1275b86..615f0a9 100644 > >>> --- a/fs/nfsd/nfs4xdr.c > >>> +++ b/fs/nfsd/nfs4xdr.c > >>> @@ -1142,7 +1142,7 @@ nfsd4_decode_create_session(struct nfsd4_compoundargs *argp, > >>> > >>> u32 dummy; > >>> char *machine_name; > >>> - int i; > >>> + int i, j; > >>> int nr_secflavs; > >>> > >>> READ_BUF(16); > >>> @@ -1215,7 +1215,7 @@ nfsd4_decode_create_session(struct nfsd4_compoundargs *argp, > >>> READ_BUF(4); > >>> READ32(dummy); > >>> READ_BUF(dummy * 4); > >>> - for (i = 0; i < dummy; ++i) > >>> + for (j = 0; j < dummy; ++j) > >>> READ32(dummy); > >>> break; > >>> case RPC_AUTH_GSS: > >> ooh, big bug. > >> > >> I wonder why it was not previously detected at runtime. Perhaps > >> nr_secflavs is always 1. > > > > Yeah, no client uses this calback security information yet. > > > > Mi Jinlong, do you think this is something we could have caught with > > another pynfs test? > > Yes, we must test it. > > After testing, the following test case is OK. I've pushed out a tree with your additional tests to git://linux-nfs.org/~bfields/pynfs41.git Let me know what I'm missing. Thanks again.--b. > > -- > thanks, > Mi Jinlong > > > >From 1afac3444b37bac66970f19c409660a304a53fb4 Mon Sep 17 00:00:00 2001 > From: Mi Jinlong <mijinlong@...fujitsu.com> > Date: Sun, 11 Mar 2011 09:05:22 +0800 > Subject: [PATCH] CLNT: test a decode problem which use wrong index > > Signed-off-by: Mi Jinlong <mijinlong@...fujitsu.com> > --- > nfs4.1/server41tests/st_create_session.py | 16 ++++++++++++++++ > 1 files changed, 16 insertions(+), 0 deletions(-) > > diff --git a/nfs4.1/server41tests/st_create_session.py b/nfs4.1/server41tests/st_create_session.py > index ff55d10..e3a8421 100644 > --- a/nfs4.1/server41tests/st_create_session.py > +++ b/nfs4.1/server41tests/st_create_session.py > @@ -252,6 +252,22 @@ def testCbSecParms(t, env): > c1 = env.c1.new_client(env.testname(t)) > sess1 = c1.create_session(sec=sec) > > +def testCbSecParmsDec(t, env): > + """A decode problem was found at NFS server that > + wrong index used in inner loop, > + http://marc.info/?l=linux-kernel&m=129961996327640&w=2 > + > + FLAGS: create_session all > + CODE: CSESS16a > + """ > + sec = [callback_sec_parms4(AUTH_NONE), > + callback_sec_parms4(RPCSEC_GSS, cbsp_gss_handles=gss_cb_handles4(RPC_GSS_SVC_PRIVACY, "Handle from server", "Client handle")), > + callback_sec_parms4(AUTH_SYS, cbsp_sys_cred=authsys_parms(5, "Random machine name", 7, 11, [])), > + ] > + > + c1 = env.c1.new_client(env.testname(t)) > + sess1 = c1.create_session(sec=sec) > + > def testRdmaArray0(t, env): > """Test 0 length rdma arrays > > -- > 1.7.4.1 > > -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists