lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 13 Dec 2013 11:14:03 +0000
From:	One Thousand Gnomes <gnomes@...rguk.ukuu.org.uk>
To:	vegard.nossum@...cle.com
Cc:	linux-kernel@...r.kernel.org,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: Re: [PATCH 5/9] hfsplus: Known exploit detection for CVE-2012-2319

On Thu, 12 Dec 2013 17:52:28 +0100
vegard.nossum@...cle.com wrote:

> From: Vegard Nossum <vegard.nossum@...cle.com>
> 
> See 6f24f892871acc47b40dd594c63606a17c714f77.
> 
> Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
> Signed-off-by: Vegard Nossum <vegard.nossum@...cle.com>
> ---
>  fs/hfsplus/catalog.c |    2 ++
>  fs/hfsplus/dir.c     |    3 +++
>  2 files changed, 5 insertions(+)
> 
> diff --git a/fs/hfsplus/catalog.c b/fs/hfsplus/catalog.c
> index 968ce41..5f47a1a 100644
> --- a/fs/hfsplus/catalog.c
> +++ b/fs/hfsplus/catalog.c
> @@ -8,6 +8,7 @@
>   * Handling of catalog records
>   */
>  
> +#include <linux/exploit.h>
>  
>  #include "hfsplus_fs.h"
>  #include "hfsplus_raw.h"
> @@ -374,6 +375,7 @@ int hfsplus_rename_cat(u32 cnid,
>  	if (err)
>  		goto out;
>  	if (src_fd.entrylength > sizeof(entry) || src_fd.entrylength < 0) {
> +		exploit("CVE-2012-2319");

Whooppee but if I drive the box totally out of memory with several of
these file systems I can cause all sorts of problems due to missing null
checks, and I can feed some others such as reiserfs (why do we still ship
that ?) corrupt disk images and patch the kernel that way.

So surely we ought to be fixing the actual bugs first ?

Alan
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ