lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 24 Apr 2008 04:26:46 +0900
From:	"Frank Bennett" <biercenator@...il.com>
To:	"Mauro Carvalho Chehab" <mchehab@...radead.org>
Cc:	"Michael Krufky" <mkrufky@...uxtv.org>,
	"Hans Verkuil" <hverkuil@...all.nl>, video4linux-list@...hat.com,
	"Alan Cox" <alan@...rguk.ukuu.org.uk>,
	linux-kernel@...r.kernel.org, ivtv-devel@...vdriver.org
Subject: Re: [PATCH] Fix VIDIOCGAP corruption in ivtv

Maruo,

I don't want to make your life more complicated than necessary, but
while we're on the topic of attribution ...

The real work in identifying this issue was done by Andrew Macks, the
engineer at Skype. My role in the affair consisted of complaining,
sending along a log file, recompiling the kernel, and writing an email
message.

I relayed the initial response I received from Hans Verkuil to Andrew
(via skype chat, I do not have an email address for him), to let him
know that the problem was being addressed in the kernel, and he was
glad to hear the news. But watching things unfold, I have been feeling
slightly incomfortable that only my name might end up in the chain of
correspondence, and not his.  I would just like to slip in a note here
to that effect.

Frank Bennett



On Thu, Apr 24, 2008 at 2:34 AM, Mauro Carvalho Chehab
<mchehab@...radead.org> wrote:
> On Sun, 20 Apr 2008 12:10:00 -0400
>  Michael Krufky <mkrufky@...uxtv.org> wrote:
>
>  > Hans Verkuil wrote:
>  > > On Sunday 20 April 2008 13:27:36 Alan Cox wrote:
>  > >
>  > >> Frank Bennett reported that ivtv was causing skype to crash. With
>  > >> help from one of their developers he showed it was a kernel problem.
>  > >> VIDIOCGCAP copies a name into a fixed length buffer - ivtv uses names
>  > >> that are too long and does not truncate them so corrupts a few bytes
>  > >> of the app data area.
>  > >>
>  > >> Possibly the names also want trimming but for now this should fix the
>  > >> corruption case.
>  > >>
>  > >
>  > > Ouch, nasty one.
>  > >
>  > > Mauro, can you apply this patch to the v4l-dvb master?
>  > >
>  > > Mike, this one should obviously go into a 2.6.25 dot-release, and I
>  > > think also to a 2.6.24 dot-release.
>  > >
>  > > Frank, thank you for reporting this!
>  > >
>  > >     Hans
>  > >
>  > > Signed-off-by: Hans Verkuil <hverkuil@...all.nl>
>  > >
>  >
>  > Signed-off-by: Michael Krufky <mkrufky@...uxtv.org>
>
>  In this case, it should be reviewed-by.
>
>  I should be sending this soon to Linus.
>
>  Cheers,
>  Mauro
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ