| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20110427052610.GH12436@dastard> Date: Wed, 27 Apr 2011 15:26:10 +1000 From: Dave Chinner <david@...morbit.com> To: Andi Kleen <andi@...stfloor.org> Cc: drosenberg@...curity.com, ak@...ux.intel.com, eugeneteo@...nel.org, aelder@....com, gregkh@...e.de, linux-kernel@...r.kernel.org, stable@...nel.org, tim.bird@...sony.com Subject: Re: [PATCH] [8/106] xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1 On Tue, Apr 26, 2011 at 02:12:46PM -0700, Andi Kleen wrote: > 2.6.35-longterm review patch. If anyone has any objections, please let me know. > > ------------------ > From: Dan Rosenberg <drosenberg@...curity.com> > > commit c4d0c3b097f7584772316ee4d64a09fe0e4ddfca upstream. > > The FSGEOMETRY_V1 ioctl (and its compat equivalent) calls out to > xfs_fs_geometry() with a version number of 3. This code path does not > fill in the logsunit member of the passed xfs_fsop_geom_t, leading to > the leaking of four bytes of uninitialized stack data to potentially > unprivileged callers. > > v2 switches to memset() to avoid future issues if structure members > change, on suggestion of Dave Chinner. Did you grab the followup patch that fixed the stack corruption this change caused? Cheers, Dave. -- Dave Chinner david@...morbit.com -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists