| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <174913396272.1334876.9083690750451022812.b4-ty@oracle.com>
Date: Thu, 5 Jun 2025 10:34:40 -0400
From: Chuck Lever <cel@...nel.org>
To: NeilBrown <neil@...wn.name>,
Olga Kornievskaia <okorniev@...hat.com>,
Dai Ngo <Dai.Ngo@...cle.com>,
Tom Talpey <tom@...pey.com>,
Jeff Layton <jlayton@...nel.org>
Cc: Chuck Lever <chuck.lever@...cle.com>,
lei lu <llfamsec@...il.com>,
linux-nfs@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()
From: Chuck Lever <chuck.lever@...cle.com>
On Wed, 04 Jun 2025 12:01:10 -0400, Jeff Layton wrote:
> Lei Lu recently reported that nfsd4_setclientid_confirm() did not check
> the return value from get_client_locked(). a SETCLIENTID_CONFIRM could
> race with a confirmed client expiring and fail to get a reference. That
> could later lead to a UAF.
>
> Fix this by getting a reference early in the case where there is an
> extant confirmed client. If that fails then treat it as if there were no
> confirmed client found at all.
>
> [...]
Applied to nfsd-testing, thanks!
[1/1] nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()
commit: 2de843e11f5d16b31742259f2d3929b681a2de32
--
Chuck Lever
Powered by blists - more mailing lists