| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1342075615-24683-1-git-send-email-minipli@googlemail.com> Date: Thu, 12 Jul 2012 08:46:53 +0200 From: Mathias Krause <minipli@...glemail.com> To: Al Viro <viro@...iv.linux.org.uk>, Jan Kara <jack@...e.cz> Cc: linux-kernel@...r.kernel.org, Mathias Krause <minipli@...glemail.com> Subject: [PATCH 0/2] Fix info leaks on export for udf and isofs Al, Jan, this patch set fixes info leaks in isofs and udf. Both file systems fail to initialize all bytes of the f_handle byte array when creating a handle for a path pointing to a directory. This memory gets copied to userland and that for is a leak of uninitialized heap data to userland that should be fixed. This info leak can be triggered locally by using the name_to_handle_at() syscall. Regards, Mathias Krause (2): isofs: avoid info leak on export udf: avoid info leak on export fs/isofs/export.c | 1 + fs/udf/namei.c | 1 + 2 files changed, 2 insertions(+) -- 1.7.10.4 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists