On Wed, 22 Jun 2011 10:50:11 -0600 Chuck Lever <chuck.lever@xxxxxxxxxx> wrote: > Thanks. > > This is a security problem, but I don't want to lose sight of the original cause of this bug, which was my lack of understanding of the function of the old code and the API contract (return only _one_ address). > > For extra credit, we might check if statd has a similar issue when it matches addresses. > I don't think statd is vulnerable, as best I can tell. I don't see any places where we do a getnameinfo on an address and then go and use that to get a list of addresses with getaddrinfo. Please do double check me on this though. I go on vacation next week and I think my brain might already have left. -- Jeff Layton <jlayton@xxxxxxxxxx> -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
