lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 8 Sep 2008 17:14:50 -0700
From:	Andrew Morton <akpm@...ux-foundation.org>
To:	Eric Sesterhenn <snakebyte@....de>
Cc:	linux-kernel@...r.kernel.org, zippel@...ux-m68k.org
Subject: Re: [Patch] hfs: fix namelength memory corruption

On Mon, 8 Sep 2008 15:35:05 +0200
Eric Sesterhenn <snakebyte@....de> wrote:

> hi,
> 
> this is basically the same as
> hfsplus-fix-buffer-overflow-with-a-corrupted-image.patch.

I can't really use the above text in a changelog.  Think how it will
look in git in two years time.

> We use the length parameter for a memcopy without checking it and
> thereby corruption memory. 

"corrupting".

I assume that this bug was found using a deliberately corrupted
filesystem?  If so, that sort of thing should be described in the
changelog.

Please spend a little more time (say, 60 seconds) preparing patch
descriptions.


> Signed-off-by: Eric Sesterhenn <snakebyte@....de>
> 
> --- linux/fs/hfs/catalog.c.orig	2008-09-08 15:20:15.000000000 +0200
> +++ linux/fs/hfs/catalog.c	2008-09-08 15:21:02.000000000 +0200
> @@ -190,6 +190,10 @@ int hfs_cat_find_brec(struct super_block
>  
>  	fd->search_key->cat.ParID = rec.thread.ParID;
>  	len = fd->search_key->cat.CName.len = rec.thread.CName.len;
> +	if (len > HFS_NAMELEN) {
> +		printk(KERN_ERR "hfs: bad catalog namelength\n");
> +		return -EIO;
> +	}
>  	memcpy(fd->search_key->cat.CName.name, rec.thread.CName.name, len);
>  	return hfs_brec_find(fd);
>  }

Please send a full changelog for this patch.

I can (and often do) end up writing these things myself, but it's not a
very satisfactory arrangement, particularly when I'm not provided with
sufficient information to do so.

Thanks.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ