pool/nfs-utils
SHA256
2
0
Fork 2
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
7c9d9199ed
nfs-utils/addmntent.fix
Neil Brown c14176b6b8 - nfs.init,nfsserver.init,sysconfig.nfs - Add support 
for configuring NFS for a fail-over configuration
  with shared state. (bnc#689622)
- rpc.mountd-segfault-fix; fix possible segfault caused
  by "showmount -e" usage. (bnc#693189)
- do-not-error-when-address-family-not-supported -
  suppress socket error when IPv6 is not loaded
  (bnc#670449)
- addmntent.fix - error check writes to /etc/mtab and
  cope accordingly. (bnc#689799)
- mount-catch-signals - don't abort on SIGXSFZ or other
  signals while mtab is locked (bnc#689799)
- mountd-auth-fix - fix bug that could give away incorrect
  access to NFS exported filesystems. (bnc#701702)

OBS-URL: https://build.opensuse.org/package/show/Base:System/nfs-utils?expand=0&rev=52
2011-06-23 05:52:18 +00:00

53 lines
1.5 KiB
Plaintext
Raw Blame History

From a47739bf3b89432e112d1d2ed9bbdaf1e09d450a Mon Sep 17 00:00:00 2001
From: Neil Brown <neilb@suse.de>
Date: Tue, 17 May 2011 14:36:21 +1000
Subject: [PATCH] Remove risk of nfs_addmntent corrupting mtab
nfs_addmntent is used to append directly to /etc/mtab.
If the write partially fail, e.g. due to RLIMIT_FSIZE,
truncate back to original size and return an error.
See also https://bugzilla.redhat.com/show_bug.cgi?id=697975
(CVE-2011-1749) CVE-2011-1749 nfs-utils: mount.nfs fails to anticipate RLIMIT_FSIZE
Signed-off-by: NeilBrown <neilb@suse.de>
---
support/nfs/nfs_mntent.c | 9 +++++++++
1 file changed, 9 insertions(+)
--- nfs-utils-1.2.1.orig/support/nfs/nfs_mntent.c
+++ nfs-utils-1.2.1/support/nfs/nfs_mntent.c
@@ -12,6 +12,7 @@
#include <string.h> /* for index */
#include <ctype.h> /* for isdigit */
#include <sys/stat.h> /* for umask */
+#include <unistd.h> /* for ftruncate */
#include "nfs_mntent.h"
#include "nls.h"
@@ -127,9 +128,11 @@ int
nfs_addmntent (mntFILE *mfp, struct mntent *mnt) {
char *m1, *m2, *m3, *m4;
int res;
+ off_t length;
if (fseek (mfp->mntent_fp, 0, SEEK_END))
return 1; /* failure */
+ length = ftell(mfp->mntent_fp);
m1 = mangle(mnt->mnt_fsname);
m2 = mangle(mnt->mnt_dir);
@@ -143,6 +146,12 @@ nfs_addmntent (mntFILE *mfp, struct mnte
free(m2);
free(m3);
free(m4);
+ if (res >= 0)
+ res = fflush(mfp->mntent_fp);
+ if (res < 0)
+ /* Avoid leaving a corrupt mtab file */
+ ftruncate(fileno(mfp->mntent_fp), length);
+
return (res < 0) ? 1 : 0;
}
Reference in New Issue View Git Blame Copy Permalink