lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Fri, 16 May 2008 09:00:48 +0200 (CEST)
From:	Geert Uytterhoeven <geert@...ux-m68k.org>
To:	Andrew Morton <akpm@...ux-foundation.org>
cc:	Cyrill Gorcunov <gorcunov@...il.com>,
	torvalds@...ux-foundation.org, zippel@...ux-m68k.org,
	schwab@...e.de, linux-kernel@...r.kernel.org,
	linux-m68k@...r.kernel.org
Subject: Re: [PATCH] init - fix building bug and potential buffer overflow

On Thu, 15 May 2008, Andrew Morton wrote:
> On Fri, 16 May 2008 00:22:14 +0400
> "Cyrill Gorcunov" <gorcunov@...il.com> wrote:
> > On 5/15/08, Geert Uytterhoeven <geert@...ux-m68k.org> wrote:
> > > On Thu, 15 May 2008, Cyrill Gorcunov wrote:
> > >> [Andrew Morton - Thu, May 15, 2008 at 10:58:03AM -0700]
> > >> | On Wed, 14 May 2008 19:44:02 +0400 Cyrill Gorcunov <gorcunov@...il.com>
> > >> wrote:
> > >> strlcat there but it seems it would fail to build too. Originally I've
> > >> messed
> > >> strlcat with strncat :(
> > >
> > > Actually it build and runs fine after s/strncat/strlcat/...
> > >
> 
> (top-posting repaired)
> 
> > Could you please make an update to the patch? I can make it only
> > tomorrow evening (ie not that fast)
> 
> Like this?

Builds and boots fine!

> From: Cyrill Gorcunov <gorcunov@...il.com>
> 
> This patch fixes a build bug on m68k - gcc decides to emit a call to the
> strlen library function, which we don't implement.  Use strlcat() instead.
> 
> 
> What is more important - my previous patch
> 
> commit e662e1cfd434aa234b72fbc781f1d70211cb785b
> Author: Cyrill Gorcunov <gorcunov@...il.com>
> Date:   Mon May 12 14:02:22 2008 -0700
> 
>     init: don't lose initcall return values
> 
> Has introduced potential buffer overflow by wrong calculation of string
> accumulator size.
> 
> Many thanks Andreas Schwab and Geert Uytterhoeven for helping
> to catch and fix the bug.
> 
> Signed-off-by: Cyrill Gorcunov <gorcunov@...il.com>
> Cc: Geert Uytterhoeven <geert@...ux-m68k.org>
> Signed-off-by: Andrew Morton <akpm@...ux-foundation.org>

Acked-by: Geert Uytterhoeven <geert@...ux-m68k.org>

Gr{oetje,eeting}s,

						Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@...ux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
							    -- Linus Torvalds
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ