lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1283030397.3284.133.camel@dhcp231-106.rdu.redhat.com>
Date:	Sat, 28 Aug 2010 17:19:57 -0400
From:	Eric Paris <eparis@...hat.com>
To:	Csaba Henk <csaba@...ster.com>
Cc:	linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/2] fsnotify: fix NULL dereference in send_to_group()

On Sun, 2010-08-29 at 00:55 +0530, Csaba Henk wrote:
> If fanotify is triggered via a vfsmount mark (so that there is
> no inode mark, group in send_to_group() is set from a structure
> member where the struct pointer is NULL.
> 
> This can be tested with the fanotify utility available from
> http://people.redhat.com/eparis/fanotify/:
> 
>  # fanotify -m / & touch /x

This should be fixed in the pull request I sent to Linus last night.
Sorry you had to track it down as well.  There are a number of other bug
fixes in my tree

http://git.infradead.org/users/eparis/notify.git

There might still be some code duplication which something like 2/2
could clean up but your patch does apply to my devel tree and it has a
logic flaw.  In the case we have both a vfsmount and an inode mark we
need to test:

event_mask & vmark->mask & ~vmark->ignored_mask & ~imark->ignored mask.

You would only ever test one or the other, not both together like that.

Thanks!  Please let me know any other problems you run into!

-Eric

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ