lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 15 Jul 2020 11:14:52 -0400 From: Chuck Lever <chuck.lever@...cle.com> To: Kai-Heng Feng <kai.heng.feng@...onical.com> Cc: matthew.ruffell@...onical.com, linux-stable <stable@...r.kernel.org>, Linux NFS Mailing List <linux-nfs@...r.kernel.org>, "open list:NETWORKING DRIVERS" <netdev@...r.kernel.org>, open list <linux-kernel@...r.kernel.org> Subject: Re: [Regression] "SUNRPC: Add "@len" parameter to gss_unwrap()" breaks NFS Kerberos on upstream stable 5.4.y > On Jul 15, 2020, at 11:08 AM, Kai-Heng Feng <kai.heng.feng@...onical.com> wrote: > >> On Jul 15, 2020, at 23:02, Chuck Lever <chuck.lever@...cle.com> wrote: >> >>> On Jul 15, 2020, at 10:48 AM, Kai-Heng Feng <kai.heng.feng@...onical.com> wrote: >>> >>> Hi, >>> >>> Multiple users reported NFS causes NULL pointer dereference [1] on Ubuntu, due to commit "SUNRPC: Add "@len" parameter to gss_unwrap()" and commit "SUNRPC: Fix GSS privacy computation of auth->au_ralign". >>> >>> The same issue happens on upstream stable 5.4.y branch. >>> The mainline kernel doesn't have this issue though. >>> >>> Should we revert them? Or is there any missing commits need to be backported to v5.4? >>> >>> [1] https://bugs.launchpad.net/bugs/1886277 >>> >>> Kai-Heng >> >> 31c9590ae468 ("SUNRPC: Add "@len" parameter to gss_unwrap()") is a refactoring >> change. It shouldn't have introduced any behavior difference. But in theory, >> practice and theory should be the same... >> >> Check if 0a8e7b7d0846 ("SUNRPC: Revert 241b1f419f0e ("SUNRPC: Remove xdr_buf_trim()")") >> is also applied to 5.4.0-40-generic. > > Yes, it's included. The commit is part of upstream stable 5.4. > >> >> It would help to know if v5.5 stable is working for you. I haven't had any >> problems with it. > > I'll ask users to test it out. > Thanks for you quick reply! Another thought: Please ask what encryption type is in use. The kerberos_v1 enctypes might exercise a code path I wasn't able to test. -- Chuck Lever
Powered by blists - more mailing lists