Message-ID: <20080124223904.GA28495@colo.lackof.org>
Date:	Thu, 24 Jan 2008 15:39:04 -0700
From:	dann frazier <dannf@...nf.org>
To:	Eric Sandeen <sandeen@...hat.com>
Cc:	Willy Tarreau <w@....eu>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] 2.4: fix memory corruption from misinterpreted
	bad_inode_ops return values

On Thu, Jan 24, 2008 at 03:06:58PM -0600, Eric Sandeen wrote:
> Willy Tarreau wrote:
> > Hi Dann,
> > 
> > On Wed, Jan 23, 2008 at 11:12:12PM -0700, dann frazier wrote:
> >> This is a 2.4 backport of a linux-2.6 change by Eric Sandeen
> >> (commit be6aab0e9fa6d3c6d75aa1e38ac972d8b4ee82b8)
> >>
> >> CVE-2006-5753 was assigned for this issue.
> >>
> >> I've built and boot-tested this, but I'm not sure how to exercise
> >> these codepaths.
> > 
> > I have no idea either. Let's consider that if nobody on the list knows
> > how to do so, I'll merge it since you did not notice any regression.
> > 
> > Thanks,
> > Willy
> > 
> 
> Sorry... here you go.  Forgot to post this sooner.  I hit it with
> this on 2.6.x
> 
> #include <stdio.h>
> #include <sys/types.h>
> #include <sys/errno.h>
> 
> static int return_EIO(void)
> {
> 	return -EIO;
> }
> 
> int main(int argc, char ** argv)
> {
> 	ssize_t error;
> 	ssize_t realerror = -EIO;
> 	ssize_t (*fn_ptr)(void);
> 
> 	fn_ptr = (void *)return_EIO;
> 
> 	error = (ssize_t)fn_ptr();
> 	printf("and... error is %ld, should be %ld\n", error, realerror);
> 	return 0;
> }

Thanks Eric. Sounds like my comment about exercising these code paths
wasn't too clear - the comments with your patch do make the issue
clear, and this program demonstrates the void cast promotion issue
well. I'm just not sure of a good way to demonstrate that my backport
of this patch doesn't break anything for 2.4.

-- 
dann frazier
