[BUG] Stack buffer overflow WRITE of size 1 in nfs_start function
Sascha Hauer
sha at pengutronix.de
Tue May 11 01:58:45 PDT 2021
On Mon, May 10, 2021 at 04:38:51PM +0530, Neeraj Pal wrote:
> Hi Sascha,
>
> Thank you for the patches.
>
> I have confirmed it and observed no crashes as reported earlier but I
> think there is a small typo in the nfs_start() function in
> net/nfs.c#L677.
>
> 672 static int nfs_start(char *p)
> 673 {
> 674 debug("%s\n", __func__);
> 675
> 676 nfs_path = strdup(p);
> 677 if (nfs_path)
> 678 return -ENOMEM;
> 679
>
> In line 677, if strdup is successful then it is returning ENOMEM so I
> think there is a typo, it is supposed to check for NULL so it would be
> if (!nfs_path) or if (nfs_path == NULL) then it should return ENOMEM.
>
> Please confirm and also sending a small patch.
Ok, so my patch doesn't resolve the whole issue. I just tried the nfs
command once after a long time now and this really seems to be broken
in other ways as well. I tend to entirely remove the command instead
of further trying to fix it. The normal way to handle nfs should be
to use the NFS filesystem implementation anyway which would be
mount -t nfs $server:/path/to/share /foo
I don't think we have the manpower to maintain two NFS implementations,
so we shouldn't try to.
Sascha
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
More information about the barebox
mailing list