[Bug 1062022] Re: exportfs crash with long path

Ivan Romanov 1062022 at bugs.launchpad.net
Sun Oct 28 04:35:18 UTC 2012


strtoint has unsigned int type. No need to use any cast.
The type of export_hash is insignificant because the result of the modulo division will always be positive. num is always positive and HASH_TABLE_SIZE is always positive (it is a define and it can be any value, but if it is non-positive it will be an error). So dividing a positive by a positive will always give a positive. The function uses the modulo operation, so the result will be sufficiently small to fit in an int.

In any case, the patch was applied by upstream:
http://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commitdiff;h=a16f4a13677d13b0aae9327a3b9e8414470b7927

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to nfs-utils in Ubuntu.
https://bugs.launchpad.net/bugs/1062022

Title:
  exportfs crash with long path

Status in “nfs-utils” package in Ubuntu:
  Triaged

Bug description:
  How reproducible:
  always

  Steps to Reproduce:
  # mkdir -p /home/kudinae/Общедоступные
  # echo '/home/kudinae/Общедоступные oek-1(rw,sync,no_wdelay,no_root_squash,no_subtree_check)' > /etc/exports
  # exportfs -a
  Segmentation fault

  I've obtained the sources. The crash happens at export.c:293: the variable pos has a negative value. I think the problem is in the strtoint and export_hash functions. strtoint has an unsigned type and always returns a positive value, but export_hash implicitly casts it to signed int. So it is possible to get a negative value.
  I wrote a patch to fix this.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/1062022/+subscriptions
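
The failure mode the bug description attributes to export_hash, shown as an added example that is not part of the original report and is not the nfs-utils source. The function names, the table, the sample hash values and the value chosen for HASH_TABLE_SIZE are all constructed for illustration.

```c
#include <stdio.h>

#define HASH_TABLE_SIZE 1021   /* constructed value, not taken from nfs-utils */

/* Shape of the bug as reported: an unsigned hash is stored in a signed int
 * before the modulo. For h > INT_MAX the conversion is implementation-defined
 * and wraps to a negative number on common compilers; C's % then keeps the
 * sign of the dividend, so the "bucket" comes out negative. */
static int bucket_signed(unsigned int h)
{
    int num = (int)h;               /* the lossy conversion, made explicit */
    return num % HASH_TABLE_SIZE;
}

/* Corrected form: the value stays unsigned through the modulo, so the
 * result is always in [0, HASH_TABLE_SIZE). */
static unsigned int bucket_unsigned(unsigned int h)
{
    return h % HASH_TABLE_SIZE;
}

static int table[HASH_TABLE_SIZE];

/* Defensive access: reject any index outside the table instead of writing
 * before its start. Returns 0 on success, -1 when the index is refused. */
static int table_hit(long idx)
{
    if (idx < 0 || idx >= HASH_TABLE_SIZE)
        return -1;
    table[idx]++;
    return 0;
}

int main(void)
{
    /* constructed hash values on both sides of INT_MAX */
    unsigned int samples[] = { 42u, 0x7fffffffu, 0x80000001u, 0xffffffffu };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        unsigned int h = samples[i];
        int bad = bucket_signed(h);
        unsigned int good = bucket_unsigned(h);
        printf("h=0x%08x signed=%d (%s) unsigned=%u (%s)\n", h,
               bad, table_hit(bad) ? "rejected" : "ok",
               good, table_hit(good) ? "rejected" : "ok");
    }
    return 0;
}
```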



