RHEL-7931

[RHEL 9] tools/rpcdebug/rpcdebug.c: get_flags() fails to check read() return properly


    • nfs-utils-2.5.4-23.el9
    • rhel-sst-filesystems
    • ssg_filesystems_storage_and_HA

      Description of problem:
      If libcall read(sysfd, buffer, sizeof(buffer)) returns 0, it may lead to an underflow later in buffer[len - 1].

      ...snip...
      static unsigned int
      get_flags(char *module)
      {
              char buffer[256], filename[256];
              int sysfd, len;

              snprintf(filename, 256, "/proc/sys/sunrpc/%s_debug", module);

              if ((sysfd = open(filename, O_RDONLY)) < 0) {
                      perror(filename);
                      exit(1);
              }
              if ((len = read(sysfd, buffer, sizeof(buffer))) < 0) { // <- if len returns 0 here
                      perror("read");
                      exit(1);
              }
              close(sysfd);
              buffer[len - 1] = '\0'; // <- buffer underflow

              return strtoul(buffer, NULL, 0);
      }
      ...snip...

      Version-Release number of selected component (if applicable):
      nfs-utils-2.5.4-18.el9
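
A hardened form of the read-and-terminate step in get_flags(), as an added example that is not part of the original report and is not the nfs-utils fix. The names `read_flags_fd` and `flags_from_bytes` are hypothetical, and a pipe stands in for the /proc/sys/sunrpc file so the zero-length read can be reproduced offline.

```c
#include <stdlib.h>
#include <unistd.h>

/* Read a flags value from fd. Returns 0 and stores it in *flags, or -1 on a
 * read error or an empty read. Hypothetical helper, not an nfs-utils function. */
static int
read_flags_fd(int fd, unsigned int *flags)
{
	char buffer[256];
	ssize_t len;

	/* Reserve one byte so the terminator index is always in bounds. */
	len = read(fd, buffer, sizeof(buffer) - 1);
	if (len <= 0)		/* -1 is an error, 0 is EOF with no data */
		return -1;
	buffer[len] = '\0';	/* index is in [1, 255], never -1 */
	*flags = (unsigned int)strtoul(buffer, NULL, 0);
	return 0;
}

/* Feed constructed bytes through a pipe so read_flags_fd() sees a real
 * descriptor, including the read() == 0 case described in the report. */
static int
flags_from_bytes(const char *data, size_t n, unsigned int *flags)
{
	int p[2], rc = -1;

	if (pipe(p) < 0)
		return -1;
	if (n == 0 || write(p[1], data, n) == (ssize_t)n) {
		close(p[1]);	/* with n == 0 the reader gets EOF at once */
		rc = read_flags_fd(p[0], flags);
	} else {
		close(p[1]);
	}
	close(p[0]);
	return rc;
}

int main(void)
{
	unsigned int f = 0;
	/* Constructed inputs: an empty file, then a typical procfs-style value. */
	int ok = flags_from_bytes("", 0, &f) == -1 &&
		 flags_from_bytes("0x7fff\n", 7, &f) == 0 && f == 0x7fff;
	return ok ? 0 : 1;
}
```

Reading at most sizeof(buffer) - 1 bytes and writing the terminator at buffer[len] also avoids overwriting the last data byte, which buffer[len - 1] does whenever the input lacks a trailing newline.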

              stevedatrhn Steve Dickson
              rh-ee-yieli Zhi Li
              Steve Dickson Steve Dickson
              Yongcheng Yang Yongcheng Yang