| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4542251C.9050603@redhat.com> Date: Fri, 27 Oct 2006 10:26:20 -0500 From: Eric Sandeen <sandeen@...hat.com> To: Eric Sesterhenn / Snakebyte <snakebyte@....de> CC: linux-ext4@...r.kernel.org Subject: Re: EXT3 fuzzing Eric Sesterhenn / Snakebyte wrote: > hi, > > after fsfuzz > (http://www.securityfocus.com/archive/1/449568/30/0/threaded) was > released i decided to give it a spin. So far I got two problematic > images: > > http://www.cobra-basket.de/ext3_ls_prozzy_hog.img.bz2 > which makes the kernel use as much cpu as it can get > > http://www.cobra-basket.de/ext3_memhog.img.bz2 > eats all memory it can get > > I enabled jbd debugging for a while, and the traces looked > similar, but made not much sense to me. kmemleak > locked my box, so I was not able to get some debugging > info from there. > To test the images, just mount them, and do an ls > on the image. Hi Eric, I recently posted a patch to LKML ([PATCH] handle ext3 directory corruption better) to handle the broken fuzz cases I found. You might try again w/ that patch... I can also give your images a whirl. With the patch I submitted, I had thousands of successful fsfuzz runs. The only snag I hit was actually an fsfuzz bug; lost+found/ had been fuzzed so it looked like a pipe, and the "cat" part of the test hung up - not really an ext3 bug. Thanks, -Eric - To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists