Message-Id: <20120731125400.GA12154@pm513-1.comsys.ntu-kpi.kiev.ua>
Date: Tue, 31 Jul 2012 15:54:01 +0300
From: Andrey Simonenko <simon@comsys.ntu-kpi.kiev.ua>
To: FreeBSD-gnats-submit@freebsd.org
Subject: mountd: correct credentials parsing in -mapall and -maproot options

>Number:         170295
>Category:       bin
>Synopsis:       [patch] mountd(8): correct credentials parsing in -mapall and -maproot options
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jul 31 13:00:25 UTC 2012
>Closed-Date:    Mon Sep 23 13:30:16 UTC 2013
>Last-Modified:  Mon Sep 23 13:30:16 UTC 2013
>Originator:     Andrey Simonenko
>Release:        FreeBSD 10.0-CURRENT amd64
>Organization:
>Environment:
>Description:

The usr.sbin/mountd/mountd.c:parsecred() function has the following mistakes:

1. It has a buffer overflow if the number of GIDs of some user is greater
   than the XU_NGROUPS value, due to incorrect usage of getgrouplist(3).

2. It incorrectly gets the group list for a user given without groups: it
   forgets the single group of a user or forgets the first supplementary
   group of a user.

3. If a user is unknown, it silently uses -2:-2 credentials, which does
   not correspond to the exports(5) rules.

4. If a group is unknown, it ignores this group, which does not
   correspond to the exports(5) rules.

5. It uses the atoi(3) function to parse the UID and GID, and does not
   check for any errors in the numbers.
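The defensive form of that parsing, as an added example that is not the PR's patch or mountd's own code: it rejects malformed numbers with strtoul(3) instead of atoi(3), treats an unknown user or group as an error instead of silently mapping to -2:-2 or dropping the group, and hands getgrouplist(3) the real buffer size so it cannot overflow. MAXCREDGROUPS, struct cred and the helper names are assumptions standing in for mountd's XU_NGROUPS and struct xucred.

```c
#define _GNU_SOURCE   /* glibc: expose getgrouplist(3) declarations under strict -std modes */
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#define MAXCREDGROUPS 16   /* assumed cap, standing in for mountd's XU_NGROUPS */
struct cred { uid_t uid; int ngroups; gid_t groups[MAXCREDGROUPS]; };
static int parse_id(const char *s, unsigned long max, unsigned long *out)
{   /* strict numeric id: whole string consumed, no sign, within range (atoi(3) checks none of this) */
    char *end; unsigned long v;
    if (*s == '\0' || *s == '-' || *s == '+') return -1;
    errno = 0; v = strtoul(s, &end, 10);
    if (errno != 0 || *end != '\0' || v > max) return -1;
    *out = v; return 0;
}
static char *next_tok(char **p)   /* split on ':' like strsep(3); NULL when exhausted */
{
    char *s = *p, *q;
    if (s == NULL) return NULL;
    if ((q = strchr(s, ':')) != NULL) { *q = '\0'; *p = q + 1; } else *p = NULL;
    return s;
}

/* Parse "user[:group[:group...]]" from -maproot/-mapall. 0 on success; -1 on an unknown
 * user or group, a malformed number, or too many groups. Never falls back to -2:-2. */
static int parse_cred(const char *spec, struct cred *c)
{
    char buf[256], *p = buf, *tok; unsigned long v; struct passwd *pw; struct group *gr;
    if (strlen(spec) >= sizeof buf) return -1;
    strcpy(buf, spec); memset(c, 0, sizeof *c); tok = next_tok(&p);
    if (parse_id(tok, (unsigned long)(uid_t)-1, &v) == 0) {
        c->uid = (uid_t)v; pw = getpwuid(c->uid);      /* pw may be NULL for a bare number */
    } else if ((pw = getpwnam(tok)) != NULL) {
        c->uid = pw->pw_uid;
    } else
        return -1;                                     /* unknown user: an error, not nobody */
    if (p == NULL) {                                   /* no groups given: use the password db */
        if (pw == NULL) return -1;
        c->ngroups = MAXCREDGROUPS;                    /* getgrouplist(3) reads the size here... */
        return getgrouplist(pw->pw_name, pw->pw_gid, c->groups, &c->ngroups) == -1 ? -1 : 0;
    }                                                  /* ...and -1 means it did not fit: refuse */
    while ((tok = next_tok(&p)) != NULL) {
        if (c->ngroups == MAXCREDGROUPS) return -1;    /* would overflow groups[] */
        if (parse_id(tok, (unsigned long)(gid_t)-1, &v) == 0) c->groups[c->ngroups++] = (gid_t)v;
        else if ((gr = getgrnam(tok)) != NULL) c->groups[c->ngroups++] = gr->gr_gid;
        else return -1;                                /* unknown group: an error, not ignored */
    }
    return 0;
}
```

A bare numeric UID with no groups and no password entry is also rejected here, since there is no group list to take from the database.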

>How-To-Repeat:
>Fix:
 [ patch elided - gavin@ ]
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: gavin 
State-Changed-When: Mon Sep 23 13:28:42 UTC 2013 
State-Changed-Why:  
PR closed at request of submitter. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=170295 
>Unformatted:
