| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 6 Mar 2010 18:24:30 +0000
From: Al Viro <viro@...IV.linux.org.uk>
To: walt <w41ter@...il.com>
Cc: linux-kernel@...r.kernel.org
Subject: Re: "Switch !O_CREAT case to use of do_last()" causes segfault in
glibc
On Sat, Mar 06, 2010 at 10:20:41AM -0800, walt wrote:
> On 03/06/2010 10:03 AM, Al Viro wrote:
>
> >_Really_ interesting; it doesn't look like an oops - smells like an attempt
> >to do opendir() that fails for some reason, goes unnoticed and resulting
> >FILE * (i.e. NULL) is fed to readdir()?
> >
> >What does it attempt to open?
>
> Ah, this may help:
>
> open("/usr/share/zoneinfo/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 47
> open("/usr/share/zoneinfo/MST7MDT", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 48
> open("/usr/share/zoneinfo/MST7MDT/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOTDIR (Not a directory)
> --- SIGSEGV (Segmentation fault) @ 0 (0) ---
Oho... And what do you have in /usr/share/zoneinfo? I.e. what is MST7MDT?
BTW, icu is buggy, regardless of apparent bug introduced in the kernel -
common/putil.c:searchForTZFile() does
DIR* dirp = opendir(path);
...
while((dirEntry = readdir(dirp)) != NULL) {
with no references to dirp in between (no checks for errors, etc.), so it'll
segfault on any number of situations (e.g. directory in question being
unreadable for you).
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists