| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1357829004.4514.1.camel@deadeye.wl.decadent.org.uk>
Date: Thu, 10 Jan 2013 14:43:24 +0000
From: Ben Hutchings <ben@...adent.org.uk>
To: Paul Gortmaker <paul.gortmaker@...driver.com>
Cc: stable@...r.kernel.org, linux-kernel@...r.kernel.org,
Jan Kara <jack@...e.cz>
Subject: Re: [v2.6.34-stable 60/77] udf: Avoid run away loop when partition
table length is corrupted
On Tue, 2013-01-08 at 18:35 -0500, Paul Gortmaker wrote:
> From: Jan Kara <jack@...e.cz>
>
> -------------------
> This is a commit scheduled for the next v2.6.34 longterm release.
> http://git.kernel.org/?p=linux/kernel/git/paulg/longterm-queue-2.6.34.git
> If you see a problem with using this for longterm, please comment.
> -------------------
>
> commit adee11b2085bee90bd8f4f52123ffb07882d6256 upstream.
>
> Check provided length of partition table so that (possibly maliciously)
> corrupted partition table cannot cause accessing data beyond current buffer.
>
> Signed-off-by: Jan Kara <jack@...e.cz>
> [PG: in 2.6.34 udf_err() is called udf_error()]
> Signed-off-by: Paul Gortmaker <paul.gortmaker@...driver.com>
[...]
There's a follow-up I think you should add:
commit 57b9655d01ef057a523e810d29c37ac09b80eead
Author: Jan Kara <jack@...e.cz>
Date: Tue Jul 10 17:58:04 2012 +0200
udf: Improve table length check to avoid possible overflow
Ben.
--
Ben Hutchings
If you seem to know what you are doing, you'll be given more to do.
Download attachment "signature.asc" of type "application/pgp-signature" (829 bytes)
Powered by blists - more mailing lists