| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20130225095018.387b165e@armhf> Date: Mon, 25 Feb 2013 09:50:18 +0100 From: Jean-Francois Moine <moinejf@...e.fr> To: Nicolas Pitre <nicolas.pitre@...aro.org> Cc: Linus Torvalds <torvalds@...ux-foundation.org>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, linux-kernel@...r.kernel.org Subject: Re: [PATCH] tty vt: fix character insertion overflow On Sun, 24 Feb 2013 20:06:09 -0500 (EST) Nicolas Pitre <nicolas.pitre@...aro.org> wrote: > Commit 81732c3b2f (tty vt: Fix line garbage in virtual console on > command line edition) broke insert_char() in multiple ways. Then > commit b1a925f44a (tty vt: Fix a regression in command line edition) > partially fixed it. However, the buffer being moved is still too large > and overflowing beyond the end of the current line, corrupting existing > characters on the next line. and > One detail I didn't mention explicitly is that the cursor can be moved > to the last screen line, and then the sequence ESC [ <n> @ is all that > is needed to shovel 2*n bytes from that bottom screen line into adjacent > memory which could potentially be exploited in some way. You are right, this bug is critical. Sorry. Acked-by: Jean-François Moine <moinejf@...e.fr> -- Ken ar c'hentañ | ** Breizh ha Linux atav! ** Jef | http://moinejf.free.fr/ -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists