lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 16 May 2007 21:00:53 +0100
From:	Richard Purdie <rpurdie@...nedhand.com>
To:	Andrew Morton <akpm@...ux-foundation.org>
Cc:	Randy Dunlap <randy.dunlap@...cle.com>,
	linux-kernel@...r.kernel.org
Subject: Re: 2.6.22-rc1-mm1

On Wed, 2007-05-16 at 10:06 -0700, Andrew Morton wrote:
> On Wed, 16 May 2007 18:00:43 +0100 Richard Purdie <rpurdie@...nedhand.com> wrote:
> 
> > On Wed, 2007-05-16 at 09:50 -0700, Randy Dunlap wrote:
> > > On Tue, 15 May 2007 20:19:14 -0700 Andrew Morton wrote:
> > > 
> > > > 
> > > > ftp://ftp.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.22-rc1/2.6.22-rc1-mm1/
> > > 
> > > LZO build fails on allyesconfig:
> > > 
> > > lib/built-in.o: In function `lzo1x_1_compress':
> > > lib/lzo/minilzo.c:724: multiple definition of `lzo1x_1_compress'                           fs/built-in.o:fs/reiser4/plugin/compress/minilzo.c:1307: first defined here
> > > ld: Warning: size of symbol `lzo1x_1_compress' changed from 1541 in fs/built-in.o to 244 in lib/built-in.o
> > > lib/built-in.o: In function `lzo1x_decompress':                                            lib/lzo/minilzo.c:885: multiple definition of `lzo1x_decompress'
> > > fs/built-in.o:fs/reiser4/plugin/compress/minilzo.c:1466: first defined here                ld: Warning: size of symbol `lzo1x_decompress' changed from 1047 in fs/built-in.o to 678 in lib/built-in.o
> > > make: *** [.tmp_vmlinux1] Error 1
> > > make: Target `all' not remade because of errors.
> > 
> > Looks like reiser4 contains a copy of minilzo used as some kind of
> > compression plugin. It can be dropped in favour of the version in
> > lib/lzo/, they'll be compatible.
> > 
> > Andrew: Do you want a patch to remove it from reiser4?
> > 
> 
> yes please.

Sent.

I also noticed that reiser4 is using lzo1x_decompress(), not
lzo1x_decompress_safe(). The unsafe version is open to buffer overflows
through malicious data since it performs no validation of where it
writes output to. I'm not sure whether thats acceptable in filesystem
code, I'd suspect not?

Fixing it is a case of s/lzo1x_decompress(/lzo1x_decompress_safe(/ in 
fs/reiser4/plugin/compress/compress.c...

Richard


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ