Date: Mon, 12 Apr 1999 11:50:45 -0700
From: "Jan B. Koum " <jkb@best.com>
To: Matthew Dillon <dillon@apollo.backplane.com>, "David E. Cross" <crossd@cs.rpi.edu>
Cc: freebsd-hackers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: increased crashing in NFS server
Message-ID: <19990412115045.B8671@best.com>
In-Reply-To: <199904110703.AAA03493@apollo.backplane.com>; from Matthew Dillon on Sun, Apr 11, 1999 at 12:03:49AM -0700
References: <199904110341.XAA17071@cs.rpi.edu> <199904110703.AAA03493@apollo.backplane.com>

On Sun, Apr 11, 1999 at 12:03:49AM -0700, Matthew Dillon <dillon@apollo.backplane.com> wrote:
> :I recently updated all of our FreeBSD3 clients to use NFSv3/UDP when
> :contacting our servers (FreeBSD3 of the same build tree). We have
> :noticed an increase in crashing of our main home directory server
> :(which is the only server really handling RW mounts, our other servers
> :are mostly RO, with some minor RW activity.) The first crash was
> :obviously NFS. I traced it to one of 2 possible crash points in the
> :kernel (sorry, no stack trace, we don't [yet] have a crashlogs enabled
> :for that machine.).
> :
> :The panic was:
> :mbuf siz=33476
> :panic: Bad nfs svc reply
>
> You are using a 32K file block size? If so, reduce it to 8K.
>
> I think you've just shown us a security hole in the NFS system -- it
> panics if it is given too large a response packet. Oops. It should
> just print a message and drop the packet.

This is not a new bug Matt :( Take a look at kern/6771 PR (still open).

-- Yan

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message