nfs: Avoid overrun when copying client IP address string (Closes: #549002)
svn path=/dists/trunk/linux-2.6/; revision=14334
This commit is contained in:
parent
fbf5855cfc
commit
b509d4c613
|
@ -6,6 +6,8 @@ linux-2.6 (2.6.31-1~experimental.2) UNRELEASED; urgency=low
|
|||
- Firmware package status
|
||||
- Network configuration and status (optional)
|
||||
- USB device list
|
||||
* nfs: Avoid overrun when copying client IP address string
|
||||
(Closes: #549002)
|
||||
|
||||
-- Ben Hutchings <ben@decadent.org.uk> Sun, 04 Oct 2009 19:48:35 +0100
|
||||
|
||||
|
|
|
@ -0,0 +1,25 @@
|
|||
From: Ben Hutchings <ben@decadent.org.uk>
|
||||
Date: Sun, 04 Oct 2009 14:25:50 +0100
|
||||
Subject: [PATCH] nfs: Avoid overrun when copying client IP address string
|
||||
|
||||
As seen in <http://bugs.debian.org/549002>, nfs4_init_client() can
|
||||
overrun the source string when copying the client IP address from
|
||||
nfs_parsed_mount_data::client_address to nfs_client::cl_ipaddr. Since
|
||||
these are both treated as null-terminated strings elsewhere, the copy
|
||||
should be done with strlcpy() not memcpy().
|
||||
|
||||
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||||
---
|
||||
diff --git a/fs/nfs/client.c b/fs/nfs/client.c
|
||||
index 75c9cd2..f525a2f 100644
|
||||
--- a/fs/nfs/client.c
|
||||
+++ b/fs/nfs/client.c
|
||||
@@ -1073,7 +1073,7 @@ static int nfs4_init_client(struct nfs_client *clp,
|
||||
1, flags & NFS_MOUNT_NORESVPORT);
|
||||
if (error < 0)
|
||||
goto error;
|
||||
- memcpy(clp->cl_ipaddr, ip_addr, sizeof(clp->cl_ipaddr));
|
||||
+ strlcpy(clp->cl_ipaddr, ip_addr, sizeof(clp->cl_ipaddr));
|
||||
|
||||
error = nfs_idmap_new(clp);
|
||||
if (error < 0) {
|
|
@ -37,3 +37,4 @@
|
|||
+ bugfix/x86/fix-alternatives-on-486.patch
|
||||
+ bugfix/x86/fix-i8xx-agp-flush.patch
|
||||
+ bugfix/all/stable/2.6.31.1.patch
|
||||
+ bugfix/all/fs-nfs-avoid-overrun-copying-client-ip.patch
|
||||
|
|
Loading…
Reference in New Issue