Package: nfs-common
Version: 1.1.1-13
Severity: important

In the current nfsmount, two tests of the mount result version are out of sync. The test in nfs_call_mount tests mnt_server->pmap.pm_vers to decide which mount function (v2 or v3) to call, but later in nfsmount() the (nfs_pmap->pm_vers == 2) condition is used to decide about the result format, which is wrong. The result is then misinterpreted, causing a segfault.
With nfsmount being SUID root, this could be quite serious, although I am currently unsure if it's exploitable. Trivial fix attached. -- Jindrich Makovicka
--- nfsmount.c.orig 2007-10-19 05:07:28.000000000 +0200 +++ nfsmount.c 2008-02-15 23:43:32.000000000 +0100 @@ -714,7 +714,7 @@ rpc_mount_errors(*nfs_server.hostname, 1, bg); } - if (nfs_pmap->pm_vers == 2) { + if (mnt_pmap->pm_vers <= 2) { if (mntres.nfsv2.fhs_status != 0) { nfs_error(_("%s: %s:%s failed, reason given by server: %s"), progname, hostname, dirname,
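Review bot: the new condition tests `mnt_pmap->pm_vers`, while the report describes the earlier check in nfs_call_mount as testing `mnt_server->pmap.pm_vers`; confirm in the surrounding code that `mnt_pmap` refers to that same pmap, otherwise the two checks can drift apart again in the same way. The patch also widens the comparison from `== 2` to `<= 2`, which routes mount protocol version 1 to the nfsv2 result branch as well; that is presumably intended, but it is a second behavioural change beyond the variable swap the report describes and deserves a sentence in the changelog entry.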