| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4798FDF2.3000605@redhat.com>
Date: Thu, 24 Jan 2008 15:06:58 -0600
From: Eric Sandeen <sandeen@...hat.com>
To: Willy Tarreau <w@....eu>
CC: dann frazier <dannf@...nf.org>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] 2.4: fix memory corruption from misinterpreted bad_inode_ops
return values
Willy Tarreau wrote:
> Hi Dann,
>
> On Wed, Jan 23, 2008 at 11:12:12PM -0700, dann frazier wrote:
>> This is a 2.4 backport of a linux-2.6 change by Eric Sandeen
>> (commit be6aab0e9fa6d3c6d75aa1e38ac972d8b4ee82b8)
>>
>> CVE-2006-5753 was assigned for this issue.
>>
>> I've built and boot-tested this, but I'm not sure how to exercise
>> these codepaths.
>
> I have no idea either. Let's consider that if nobody on the list knows
> how to do so, I'll merge it since you did not notice any regression.
>
> Thanks,
> Willy
>
Sorry... here you go. Forgot to post this sooner. I hit it with
this on 2.6.x
#include <stdio.h>
#include <sys/types.h>
#include <sys/errno.h>
static int return_EIO(void)
{
return -EIO;
}
int main(int argc, char ** argv)
{
ssize_t error;
ssize_t realerror = -EIO;
ssize_t (*fn_ptr)(void);
fn_ptr = (void *)return_EIO;
error = (ssize_t)fn_ptr();
printf("and... error is %ld, should be %ld\n", error, realerror);
return 0;
}
-Eric
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists