| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 29 Oct 2014 21:36:12 +0300 From: Dan Carpenter <dan.carpenter@...cle.com> To: Andy Lutomirski <luto@...capital.net> Cc: Mimi Zohar <zohar@...ux.vnet.ibm.com>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, LSM List <linux-security-module@...r.kernel.org>, Linus Torvalds <torvalds@...ux-foundation.org>, "security@...nel.org" <security@...nel.org>, James Morris <jmorris@...ei.org> Subject: Re: [GIT PULL] Fix for Integrity subsystem null pointer deref On Wed, Oct 29, 2014 at 09:23:45AM -0700, Andy Lutomirski wrote: > I have no idea what the semantics are. All I'm saying is that it > looks like the code still accesses memory past the end of the buffer. > The buffer isn't a null pointer, so the symptom is different, but it > may still be a security bug. > > --Andy It only reads one byte into the struct "xattr_data->type" so checking for non-zero is sufficient and the patch is fine. I fixed that exact same bug in lustre last week where the xattr size is not zero but it's less than the size of the struct. So this seems like maybe it could be a common anti-pattern though. regards, dan carpenter -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists