Hi, Chuck Lever,
CVE-2022-43945 (https://nvd.nist.gov/vuln/detail/CVE-2022-43945) describes
how a normal request header followed by garbage data can trigger the
nfsd overflow, since nfsd shares the same pages array between the request
and the response.
It seems that the
patchset (https://lore.kernel.org/linux-nfs/166204973526.1435.6068003336048840051.stgit@xxxxxxxxxxxxxxxxxxxxx/T/#t)
has fixed NFSv2/NFSv3, but leaves NFSv4 still vulnerable?
Another question: for a stable branch like lts-5.10, since NFSv2/NFSv3 did
not switch to xdr_stream, nfs_request_too_big in nfsd_dispatch will
reject requests such as READ/READDIR that are too large. So a
branch without that "switch" seems OK for NFSv2/NFSv3, but NFSv3 is still
vulnerable, right?
Looking forward to your reply!
Thanks,
Erkun Yang
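The shrinking-send-buffer mechanism the message above asks about, as an added model in C (not kernel code, not from the CVE advisory, and not from Chuck Lever's patchset): a toy per-thread page array shared by request and reply, a constructed request with a well-formed header plus trailing garbage, and a READ reply path in two forms, one that honours the client's count up to the protocol maximum only, and one that additionally clamps it to the space left after the request. All sizes, the `thread_buf` struct and the function names are constructed for illustration; the scenario in `main` (200-byte header, 15000 bytes of garbage, 8 KiB READ) is made up.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE   4096
#define NPAGES      4                     /* toy thread page array: 4 pages, 16 KiB total */
#define ARRAY_BYTES (PAGE_SIZE * NPAGES)

/* One nfsd thread's page array, modelled as a flat buffer: the received RPC
 * record is laid down first, and the reply is built in whatever is left. */
struct thread_buf {
    uint8_t pages[ARRAY_BYTES];
    size_t  req_len;   /* bytes of the received RPC record, trailing garbage included */
};

/* Lay a request into the array: a well-formed header followed by garbage the
 * server never parses but still has to receive as part of the RPC record.
 * Returns 0, or -1 if the record does not fit in the array at all. */
int build_request(struct thread_buf *b, size_t header_len, size_t garbage_len)
{
    size_t len = header_len + garbage_len;
    if (len > ARRAY_BYTES)
        return -1;
    memset(b->pages, 0, sizeof b->pages);
    memset(b->pages, 0x52, header_len);                 /* 'R': header bytes (constructed) */
    memset(b->pages + header_len, 0x47, garbage_len);   /* 'G': garbage tail */
    b->req_len = len;
    return 0;
}

/* Bytes left for the reply once the request occupies the front of the shared array. */
size_t reply_space(const struct thread_buf *b)
{
    return ARRAY_BYTES - b->req_len;
}

/* Vulnerable pattern: honour the client's READ count as long as it is within
 * the protocol maximum, without looking at what the send area can hold.
 * A real implementation would write past the end of the page array; this
 * model stays in bounds and reports how many bytes would have spilled. */
size_t read_reply_unchecked(struct thread_buf *b, size_t count, size_t max_count)
{
    size_t space = reply_space(b);
    size_t in_bounds;
    if (count > max_count)
        count = max_count;              /* protocol limit only */
    in_bounds = count < space ? count : space;
    memset(b->pages + b->req_len, 0x44, in_bounds);     /* 'D': reply payload */
    return count - in_bounds;           /* bytes past the array: 0 means no overflow */
}

/* Hardened pattern: also clamp the count to the send space that actually remains,
 * so a garbage-padded request produces a short read instead of an overflow. */
size_t read_reply_clamped(struct thread_buf *b, size_t count, size_t max_count)
{
    size_t space = reply_space(b);
    if (count > max_count)
        count = max_count;
    if (count > space)
        count = space;
    memset(b->pages + b->req_len, 0x44, count);
    return count;                       /* bytes actually returned to the client */
}

int main(void)
{
    struct thread_buf b;
    /* Constructed scenario: 200-byte header, 15000 bytes of garbage,
     * client asks for an 8 KiB READ with an 8 KiB protocol maximum. */
    if (build_request(&b, 200, 15000) != 0)
        return 1;
    printf("reply space left: %zu bytes\n", reply_space(&b));
    printf("unchecked: %zu bytes would overflow\n", read_reply_unchecked(&b, 8192, 8192));
    printf("clamped:   %zu bytes returned\n", read_reply_clamped(&b, 8192, 8192));
    return 0;
}
```

The point the model makes is that the protocol maximum alone is not a bound on the reply: the garbage tail is part of the received record, so it consumes pages that the reply would otherwise use, and only a check against the remaining send space (the second function) keeps the write inside the array.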