Thread: 5 messages, 4 authors, 2023-01-22

Question about CVE-2022-43945

From: yangerkun <hidden>
Date: 2022-11-12 05:02:03

Hi, Chuck Lever,

CVE-2022-43945 (https://nvd.nist.gov/vuln/detail/CVE-2022-43945) describes 
that a normal request header ending with garbage data can trigger the 
nfsd overflow, since nfsd shares the request and response with the same 
pages array.

It seems that the 
patchset (https://lore.kernel.org/linux-nfs/166204973526.1435.6068003336048840051.stgit@manet.1015granger.net/T/#t) 
has solved NFSv2/NFSv3, but leaves NFSv4 still vulnerable?

Another question, for stable branches like lts-5.10: since NFSv2/NFSv3 did 
not switch to xdr_stream, the nfs_request_too_big in nfsd_dispatch will 
reject requests like READ/READDIR with a too-large request. So it seems 
branches without that "switch" are ok for NFSv2/NFSv3, but NFSv3 is still 
vulnerable. Right?

Looking forward to your reply!

Thanks,
Erkun Yang