lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Thu, 21 Feb 2013 00:56:08 +0900
From:	Satoru Takeuchi <satoru.takeuchi@...il.com>
To:	Alexandre SIMON <Alexandre.Simon@...v-lorraine.fr>
Cc:	Satoru Takeuchi <satoru.takeuchi@...il.com>,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	linux-kernel@...r.kernel.org, stable@...r.kernel.org
Subject: Re: [ 1/1] printk: fix buffer overflow when calling log_prefix function from call_console_drivers

At Wed, 20 Feb 2013 14:43:09 +0100,
Alexandre SIMON wrote:
> 
> [Satoru Takeuchi] wrote the following on [20/02/2013 14:02]:
> [...]
> > 
> > I reviewed this patch and it seems to be good for me. Since I'm not good at
> > printk code, I want to confirm whether what I think is correct or not.
> > Is the following my understanding correct?
> 
>   No problem, it's nice to talk about this patch !
...
> > In this case, only LOG_BUF(cur_index) is safe to access and
> > 
> >  - "LOG_BUF(cur_index) + 1" as p[1],
> >  - "LOG_BUF(cur_index) + 2" as p[2], and
> >  - "LOG_BUF(cur_index) + 1 or more" as simple_strtoul(&p[1], &endp, 10)
> > 
> > in log_prefix() are not to do so. Hence touching them would cause the system hang as you
> > said as follows.
> 
>   Yes, your analyze is totally right. Your figure is clear and shows exactly when the problem occurs in the "borderline case".
>   The initial code does not check that the "cur_index" can be at the end of "log_buf" whereas "log_prefix" function may access to one, two or more indexes after.

Alex, thank you for quick response and the detailed explanation.
Greg, then I can say this patch looks correct and 3.0.66-rc1 version is too.

Thanks,
Satoru
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ