| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 7 Nov 2017 15:52:22 +0000
From: Al Viro <viro@...IV.linux.org.uk>
To: Arnd Bergmann <arnd@...db.de>
Cc: Richard Henderson <rth@...ddle.net>,
Ivan Kokshaysky <ink@...assic.park.msu.ru>,
Matt Turner <mattst88@...il.com>, y2038@...ts.linaro.org,
Deepa Dinamani <deepa.kernel@...il.com>,
stable@...r.kernel.org, linux-alpha@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/2] alpha: osf_sys.c: fix put_tv32 regression
On Tue, Nov 07, 2017 at 03:09:24PM +0100, Arnd Bergmann wrote:
> There was a typo in the new version of put_tv32() that caused
> uninitialized stack data to be written back to user space, rather
> than writing the actual timeval for the emulation of
> gettimeofday(), wait4(), usleep_thread() and old_adjtimex().
>
> This fixes it to write the correct data again.
*blink*
the bug is real, all right, and the fix is correct one, but where
do you get an infoleak? What it is is a user-triggerable oops -
just pass it an unmapped address. For anything mapped r/w it's
simply a no-op - userland data is unchanged.
IOW, the fix is correct, but commit message isn't - it's
"user-triggerable oops and in all cases failed to modify userland timeval32"
not
"uninitialized stack data to be written back to user space"
Powered by blists - more mailing lists