Comment 23 for bug 1746598

Leonidas S. Barbosa (leosilvab) wrote :

Below is the review for 2.0.0 - cosmic and bionic. Pls feel free to add your considerations :)

build dependencies:
 - debhelper, dh-autoreconf, libnfs11

- No CVE history
- Security bugs found between 2.0.0...3.0.0:
   commit 486b74f64717dfb8bef774fc795636fa4faf4071

     Avoid underflow in readahead when offset < NFS_BLKSIZE

   commit 0c5732eb2605d2046e62b24cdc6439b7b94d06fc
   Author: Ronnie Sahlberg <email address hidden>
   Date: Sun Jul 2 07:48:56 2017 +1000

    Fix SEGV in rename error paths and add tests

    Signed-off-by: Ronnie Sahlberg <email address hidden>

- Other fixes I would consider (though I think you will also want to take a look at the log between 2.0.0 ... 3.0.0 to add to them or to be sure) are:

commit e8a200483f54f29eb3cd3311335c35df9fd755a4
Author: Shreyas Siravara <email address hidden>
Date: Mon Apr 23 12:29:59 2018 -0700

    Use MSG_NOSIGNAL when calling send() to avoid SIGPIPE

commit ea94d4e3a6d6947e2f239b015723bb4884f63b74
Author: Ronnie Sahlberg <email address hidden>
Date: Sat Jul 1 10:16:36 2017 +1000

    nfs_symlink: Fix it so we can create symlinks in the current directory

    Fix a bug in the symlink code that required that linkname contained at least one
    path component and thus prevented us from creating symlinks in the current
    directory.

    Signed-off-by: Ronnie Sahlberg <email address hidden>

commit fb1efbe51caa5eb718aa53ef0828270256675efa
Author: Chris Richards <email address hidden>
Date: Wed Jul 5 12:49:57 2017 -0500

    Increased resolution of PDU timeout from seconds to milliseconds

commit df72323c4609771f7441b45604ffff16a2ce82d8
Author: Shreyas Siravara <email address hidden>
Date: Mon Apr 23 12:33:29 2018 -0700

    nfs_opendir_cb should not queue a READDIR on error

    Explanation of the bug:
    - nfs_opendir_cb() queues a READDIR when it receives RPC_STATUS_ERROR.
    - rpc_purge_all_pdus() explicitly says that no further pdus should be
      queued when rpc_purge_all_pdus() is invoked and the outqueue is being
      cleared.
    - Since nfs_opendir_cb() is called in rpc_purge_all_pdus() with
      status=RPC_STATUS_ERROR, this invariant is broken.

    Fix:
    - Invoke check_nfs3_error() which will invoke the appropriate
      callback with the right error.
    - Disallow queueing a request in the if block

commit 6ea6002e08e607abcfeb2e0d2af2c8b3609bfec1
Author: Ronnie Sahlberg <email address hidden>
Date: Mon Jul 3 07:00:10 2017 +1000

    Fix nfs_creat() so it works with local directories and add tests

    Signed-off-by: Ronnie Sahlberg <email address hidden>

- Hardening:
  Stack protected: yes
  Fortify Source Functions: yes
  RO relocations: yes

- no pre or postinst scripts
- no systemd unit files
- no system dbus services
- no setuid files
- no binaries in PATH

- doesn't spawn other processes
- memory mgmt looks good (except for the bugs found/fixed previously; see them above)
- file IO - so far so good
- does not use dbus
- does not use webkit
- does not use temp files (only docs)
- does not use javascript
- no major/relevant cppcheck errors
- does not use polkit
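
The invariant described in commit df72323c above (nothing may be queued while rpc_purge_all_pdus() is clearing the outqueue) can be modelled in a few lines of C. This is an added example, not code from the reviewed package or from the review itself; every name in it (struct ctx, queue_request, purge_all, opendir_cb_before, opendir_cb_after) is hypothetical.

```c
#include <stdio.h>

/* Simplified model of the purge invariant; all names are hypothetical. */
enum status { STATUS_SUCCESS, STATUS_ERROR };

struct ctx {
    int purging;      /* set while the out-queue is being cleared */
    int queued;       /* requests sitting on the out-queue */
    int violations;   /* requests queued while a purge was running */
    int errors_seen;  /* errors delivered to the caller */
};

typedef void (*reply_cb)(struct ctx *c, enum status st);

/* Queue a follow-up request and record whether the invariant was broken. */
static void queue_request(struct ctx *c) {
    if (c->purging)
        c->violations++;
    c->queued++;
}

/* Before the fix: the callback queues its follow-up even on error. */
static void opendir_cb_before(struct ctx *c, enum status st) {
    (void)st;
    queue_request(c);
}

/* After the fix: report the error to the caller and return without queueing. */
static void opendir_cb_after(struct ctx *c, enum status st) {
    if (st == STATUS_ERROR) { c->errors_seen++; return; }
    queue_request(c);
}

/* Purge: fail each outstanding request by calling its callback with an error. */
static struct ctx purge_all(reply_cb cb, int outstanding) {
    struct ctx c = {0};
    c.purging = 1;
    for (int i = 0; i < outstanding; i++)
        cb(&c, STATUS_ERROR);
    c.purging = 0;
    return c;
}

int main(void) {
    struct ctx a = purge_all(opendir_cb_before, 3);
    struct ctx b = purge_all(opendir_cb_after, 3);
    printf("before: queued=%d violations=%d errors=%d\n", a.queued, a.violations, a.errors_seen);
    printf("after:  queued=%d violations=%d errors=%d\n", b.queued, b.violations, b.errors_seen);
    return 0;
}
```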