| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 12 Mar 2008 15:01:41 -0600 From: Paul Fulghum <paulkf@...rogate.com> To: rupesh.sugathan@...il.com CC: Alan Cox <alan@...rguk.ukuu.org.uk>, akpm@...ux-foundation.org, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org> Subject: Re: + n_tty-loss-of-sync-following-a-buffer-overflow.patch added to -mm tree Paul Fulghum wrote: > What I suggest is the following patch for processing NL > in canonical mode. FYI: I tested my patch by provoking the bug with a contrived pair of programs. Everything works as expected. Partially receive lines during buffer overflow are truncated. Subsequent lines after the ldisc buffer clears are intact, canon_data stays consistent with read_flags. *But* to force the bug I had to disable the check in flush_to_ldisc() that monitors the amount of receive room in the ldisc buffer before pushing data to the ldisc. This check was introduced in the flip buffer rewrite in 2.6 So the bug is real, the fix works, but in 2.6.24 this can never occur as the flip buffer holds data until N_TTY is ready to process it. Rupesh is working with 2.4.x which shares the same canonical NL processing but has the old flip buffer code that shoves data at N_TTY without regard for the receive room in N_TTY. I leave it to others to decide if applying the patch to 2.6 makes sense. -- Paul Fulghum Microgate Systems, Ltd. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists