Message-ID: <bug-199185-13602-ZuG4g0rcgU@https.bugzilla.kernel.org/>
Date: Tue, 27 Mar 2018 02:28:49 +0000
From: bugzilla-daemon@...zilla.kernel.org
To: linux-ext4@...nel.org
Subject: [Bug 199185] Invalid pointer dereference in get_acl (fs/posix_acl.c) when mounting and operating crafted ext4 image
https://bugzilla.kernel.org/show_bug.cgi?id=199185
Eric Biggers (ebiggers3@...il.com) changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ebiggers3@...il.com
--- Comment #4 from Eric Biggers (ebiggers3@...il.com) ---
The above patch is wrong; it makes ext4_get_acl() always fail with ERANGE,
because ext4_get_acl() uses buffer=NULL and buffer_size=0 to get the size of
the xattr. Likewise getxattr(..., NULL, 0) is broken. I think we should check
'size' against XATTR_SIZE_MAX in the !buffer case instead. Also checking 'size
< 0' is unnecessary since 'size' is unsigned.
--
You are receiving this mail because:
You are watching the assignee of the bug.
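The size-query convention discussed in comment #4, as an added userspace model that is not the kernel code or the patch under review. The names `model_entry`, `get_checked_early`, `get_query_aware` and `two_call_read` are hypothetical; the early-check variant is an assumed shape that reproduces the described ERANGE failure, and the error code returned for an oversized entry is also an assumption.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

#define XATTR_SIZE_MAX 65536 /* same value as <linux/limits.h> */
/* Constructed stand-in for an xattr entry; 'size' comes from the image. */
struct model_entry { const void *value; size_t size; };
typedef long (*getter_fn)(const struct model_entry *, void *, size_t);

/* Assumed shape of the failing check: compared before the NULL-buffer case. */
static long get_checked_early(const struct model_entry *e, void *buf, size_t len)
{
    if (e->size > len)
        return -ERANGE; /* also taken for the size query (buf=NULL, len=0) */
    if (buf)
        memcpy(buf, e->value, e->size);
    return (long)e->size;
}

/* Suggested shape: a size query is bounded by XATTR_SIZE_MAX instead. */
static long get_query_aware(const struct model_entry *e, void *buf, size_t len)
{
    if (!buf) /* error code for an oversized entry is an assumption */
        return e->size > XATTR_SIZE_MAX ? -ERANGE : (long)e->size;
    if (e->size > len)
        return -ERANGE;
    memcpy(buf, e->value, e->size);
    return (long)e->size;
}

/* Two-call pattern: query the size, allocate, then fetch the value. */
static long two_call_read(getter_fn get, const struct model_entry *e, void **out)
{
    long n = get(e, NULL, 0); /* size query */
    *out = n > 0 ? malloc((size_t)n) : NULL;
    if (n <= 0 || !*out)
        return n <= 0 ? n : -ENOMEM;
    return get(e, *out, (size_t)n); /* caller frees *out */
}

int main(void)
{
    struct model_entry ok = { "acl-data", 8 }; /* constructed sample */
    void *p;
    long early = two_call_read(get_checked_early, &ok, &p); /* -ERANGE */
    long aware = two_call_read(get_query_aware, &ok, &p);   /* 8 */
    free(p);
    return !(early == -ERANGE && aware == 8);
}
```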