| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 4 Aug 2018 08:04:51 -0700
From: Kees Cook <keescook@...omium.org>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: linux-kernel@...r.kernel.org, Bart Massey <bart.massey@...il.com>,
Dave Kleikamp <shaggy@...nel.org>,
jfs-discussion@...ts.sourceforge.net,
Kees Cook <keescook@...omium.org>, stable@...r.kernel.org
Subject: [GIT PULL] usercopy fix for v4.18-rc8
Hi,
Please pull this usercopy fix for v4.18-rc8. Bart Massey discovered that
the usercopy whitelist for JFS was incomplete: the inline inode data may
intentionally "overflow" into the neighboring "extended area", so the
size of the whitelist needed to be raised to include the neighboring
field.
Thanks!
-Kees
The following changes since commit 7daf201d7fe8334e2d2364d4e8ed3394ec9af819:
Linux 4.18-rc2 (2018-06-24 20:54:29 +0800)
are available in the Git repository at:
https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/usercopy-fix-v4.18-rc8
for you to fetch changes up to 961b33c244e5ba1543ae26270a1ba29f29c2db83:
jfs: Fix usercopy whitelist for inline inode data (2018-08-04 07:53:46 -0700)
----------------------------------------------------------------
- Fix JFS usercopy whitelist (it needed to cover neighboring field too) for
"overflow" inline inode data.
----------------------------------------------------------------
Kees Cook (1):
jfs: Fix usercopy whitelist for inline inode data
fs/jfs/jfs_dinode.h | 7 +++++++
fs/jfs/jfs_incore.h | 1 +
fs/jfs/super.c | 3 +--
3 files changed, 9 insertions(+), 2 deletions(-)
--
Kees Cook
Pixel Security
Powered by blists - more mailing lists