Skip to content

Correclty pass through Ipv6 addresses in sharenfs #11939

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 20, 2021
Merged

Correclty pass through Ipv6 addresses in sharenfs #11939

merged 1 commit into from
Oct 20, 2021

Conversation

felixdoerre
Copy link
Contributor

@felixdoerre felixdoerre commented Apr 25, 2021
edited
Loading

Recognize when the host part of a sharenfs attribute is an ipv6 Literal and pass that through without modification.

Motivation and Context

Closes: #11171
Closes: #1894

It might also solve CVE-2013-20001. This depends on the expectations an admin has. CVE-2013-20001 is exploitable when an admin configures an ipv6 address (range) for sharenfs and it is effectively ignored resulting in no error. With this patch, the Ipv6 range is interpreted successfully if enclosed in square brackets. If it is not enclosed in square brackets it is still interpreted as before: a list of strange host names, which could result in the confusion for CVE-2013-20001.

Description

If a host starts with [ it is interpreted as an Ipv6 Literal. In that case, the host is assumed to go until the next ]. If such a ] does not occur, it is treated as syntax error. The next byte after ] must be either : (for another host) or a null byte or / indicating an IP-Range.

How Has This Been Tested?

Created a new test case that runs through perfectly. Also manually setting the property and inspecting the corresponding file in /etc/exports shows the expected contents.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Performance enhancement (non-breaking change which improves efficiency)
  • Code cleanup (non-breaking change which makes code smaller or more readable)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Library ABI change (libzfs, libzfs_core, libnvpair, libuutil and libzfsbootenv)
  • Documentation (a change to man pages or other documentation)

Checklist:

@felixdoerre felixdoerre force-pushed the ipv6_sharenfs branch 3 times, most recently from beba464 to 9782d81 Compare April 26, 2021 06:12
@behlendorf behlendorf added Status: Work in Progress Not yet ready for general review Component: Share "zfs share" feature labels Apr 26, 2021
@felixdoerre felixdoerre force-pushed the ipv6_sharenfs branch 4 times, most recently from 68dad9c to 8fe9726 Compare May 16, 2021 10:58
@felixdoerre
Copy link
Contributor Author

@behlendorf Hi, I've found time to build/run testcases locally. I have now moved some of the testing into a new test case and in the last force-push updated only the assertions in that test case. I have run the new test-case locally and it goes through, so I am resonably sure that we shouldn't see any CI-Failure caused by the changes.

I'd say that this PR is now ready for review, but I can't remove the "Work-In-Progress"-Label. It would be nice, if you could do that.

@felixdoerre felixdoerre force-pushed the ipv6_sharenfs branch 2 times, most recently from 1503482 to bd2ca17 Compare May 17, 2021 00:51
@behlendorf behlendorf added Status: Code Review Needed Ready for review and testing and removed Status: Work in Progress Not yet ready for general review labels May 19, 2021
@felixdoerre felixdoerre force-pushed the ipv6_sharenfs branch 2 times, most recently from f263525 to 51ddcd5 Compare October 18, 2021 19:33
behlendorf
behlendorf approved these changes Oct 18, 2021
View reviewed changes
Copy link
Contributor

@behlendorf behlendorf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for rebasing this and including the test case. This looks reasonable to me.

@behlendorf behlendorf requested a review from grwilson October 18, 2021 23:48
@behlendorf behlendorf added Status: Accepted Ready to integrate (reviewed, tested) and removed Status: Code Review Needed Ready for review and testing labels Oct 20, 2021
@behlendorf behlendorf merged commit 6cb5e1e into openzfs:master Oct 20, 2021
@dacianstremtan
Copy link
Contributor

Do you know when this pull request will make it into the official release? I see it merged in the master branch, but the code is not making in the official releases

@dacianstremtan dacianstremtan mentioned this pull request Jun 9, 2023
Open
behlendorf pushed a commit to behlendorf/zfs that referenced this pull request Dec 21, 2023
@felixdoerre @behlendorf
libshare: nfs: pass through ipv6 addresses in bracket notation
74150a3 
Recognize when the host part of a sharenfs attribute is an ipv6
Literal and pass that through without modification.

Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Felix Dörre <[email protected]>
Closes: openzfs#11171
Closes openzfs#11939
Closes: openzfs#1894
behlendorf pushed a commit that referenced this pull request Dec 22, 2023
@felixdoerre @behlendorf
libshare: nfs: pass through ipv6 addresses in bracket notation
9e41d5d 
Recognize when the host part of a sharenfs attribute is an ipv6
Literal and pass that through without modification.

Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Felix Dörre <[email protected]>
Closes: #11171
Closes #11939
Closes: #1894
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@behlendorf behlendorf behlendorf approved these changes

@grwilson grwilson Awaiting requested review from grwilson

Assignees

@jwk404 jwk404

Labels
Component: Share "zfs share" feature Status: Accepted Ready to integrate (reviewed, tested)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

can't specify IPV6 range in sharenfs sharenfs and IPv6 on Ubuntu 12.04
4 participants
@felixdoerre @dacianstremtan @behlendorf @jwk404