| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 6 Aug 2012 18:55:17 -0400 From: Theodore Ts'o <tytso@....edu> To: Jim Keniston <jkenisto@...ibm.com> Cc: linux-ext4@...r.kernel.org, ddstreet@...ibm.com, mcao@...ibm.com, alexfr@...ibm.com Subject: Re: [PATCH] e2fsprogs: e2fsck_handle_read_error - pass along negative count On Mon, Aug 06, 2012 at 01:05:53PM -0700, Jim Keniston wrote: > When passed a negative count (indicating a byte count rather than > a block count) e2fsck_handle_read_error() treats the data as a full > block, causing unix_write_blk64() (which can handle negative counts > just fine) to try to write too much. Given a faulty block device, > this resulted in a SEGV when unix_write_blk64() read past the bottom > of the stack copying the data to cache. (check_backup_super_block -> > unix_read_blk64 -> raw_read_blk -> e2fsck_handle_read_error) > > Signed-off-by: Jim Keniston <jkenisto@...ibm.com> > Signed-off-by: Dan Streetman <ddstreet@...ibm.com> > Reviewed-by: Mingming Cao <mcao@...ibm.com> > Reported-by: Alex Friedman <alexfr@...ibm.com> Thanks, applied! I changed the one-line summary to read: e2fsck: fix potential segv when handling a read error in a superblock - Ted -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists