Message-ID: <202502210936.8A4F1AB@keescook>
Date: Fri, 21 Feb 2025 09:38:11 -0800
From: Kees Cook <kees@...nel.org>
To: Mateusz Guzik <mjguzik@...il.com>
Cc: Ronald Monthero <debug.penguin32@...il.com>, al@...rsen.net,
	gustavoars@...nel.org, linux-kernel@...r.kernel.org,
	linux-hardening@...r.kernel.org, brauner@...nel.org, jack@...e.cz,
	linux-fsdevel@...r.kernel.org
Subject: Re: [PATCH] qnx4: fix to avoid panic due to buffer overflow

On Fri, Feb 21, 2025 at 03:51:23PM +0100, Mateusz Guzik wrote:
> On Sun, Nov 12, 2023 at 07:53:53PM +1000, Ronald Monthero wrote:
> > qnx4 dir name length can vary to be of maximum size
> > QNX4_NAME_MAX or QNX4_SHORT_NAME_MAX depending on whether
> > 'link info' entry is stored and the status byte is set.
> > So to avoid buffer overflow check di_fname length
> > fetched from (struct qnx4_inode_entry *)
> > before use in strlen to avoid buffer overflow.
> > 
> 
> Inspired by removals of reiserfs and sysv I decided to try to whack
> qnx4.

I have no strong opinion here beyond just pointing out that it appears
that the qnx4 fs is still extant in the world. QNX itself is still alive
and well and using this filesystem based on what I can find.

-Kees

-- 
Kees Cook
