
Re: Bug#706414: CVE-2013-3266: Insufficient input validation in the NFS server



Hi!

Steven Chamberlain <steven@pyro.eu.org> writes:
> tags 706414 + pending
> thanks
>
> I've applied upstream's patch in SVN, I'm running it now on my NFS
> server and seems okay.
>
> Christoph, would you be able to do an upload of this to unstable please?

I'm building right now. As it is too late for wheezy r0 it seems we'll
need to go through either security or stable-updates for wheezy
(security Cc-ed and patch attached to get that going).

    Christoph

Description:
 Fix a bug that allows NFS clients to issue READDIR on files. [13:05]
 (CVE-2013-3266)
Origin: vendor, http://security.freebsd.org/patches/SA-13:05/nfsserver.patch
Bug: http://security.freebsd.org/advisories/FreeBSD-SA-13:05.nfsserver.asc
Bug-Debian: http://bugs.debian.org/706414
Applied-Upstream: http://svnweb.freebsd.org/base?view=revision&revision=250060

Index: kfreebsd-9-9.0/sys/fs/nfsserver/nfs_nfsdport.c
===================================================================
--- kfreebsd-9-9.0.orig/sys/fs/nfsserver/nfs_nfsdport.c	2013-04-29 22:53:42.000000000 +0100
+++ kfreebsd-9-9.0/sys/fs/nfsserver/nfs_nfsdport.c	2013-04-29 22:54:00.428787262 +0100
@@ -1550,6 +1550,8 @@
 			nd->nd_repstat = NFSERR_BAD_COOKIE;
 #endif
 	}
+	if (!nd->nd_repstat && vp->v_type != VDIR)
+		nd->nd_repstat = NFSERR_NOTDIR;
 	if (nd->nd_repstat == 0 && cnt == 0) {
 		if (nd->nd_flag & ND_NFSV2)
 			/* NFSv2 does not have NFSERR_TOOSMALL */
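Review bot: The added test `if (!nd->nd_repstat && vp->v_type != VDIR)` checks the status with `!nd->nd_repstat`, while the line directly below it uses `nd->nd_repstat == 0`; writing it as `nd->nd_repstat == 0 && vp->v_type != VDIR` would match the surrounding code. A one-line comment stating that a READDIR on a non-directory vnode is rejected here with NFSERR_NOTDIR would also help, since that reason currently lives only in the patch description. Because the check is guarded on no earlier error, a status such as the NFSERR_BAD_COOKIE set just above takes precedence over NFSERR_NOTDIR; that ordering does not weaken the fix, but it is worth confirming it is intended.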
-- 
9FED 5C6C E206 B70A 5857  70CA 9655 22B9 D49A E731
Debian Developer | Lisp Hacker | CaCert Assurer

