Message-ID: <20150313112246.GH20767@twin.jikos.cz>
Date:	Fri, 13 Mar 2015 12:22:46 +0100
From:	David Sterba <dsterba@...e.cz>
To:	"Yeon, JeHyeon (Tom)" <Tom.Yeon@...driver.com>
Cc:	"gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: LZ4 : fix the data abort issue.

On Thu, Mar 12, 2015 at 08:28:55AM +0000, Yeon, JeHyeon (Tom) wrote:
> If part of the compression data is corrupted, or the compression
> data is totally fake, memory access over the limit is possible.
> 
> This is the log from my system using lz4 decompression.
>    [6502]data abort, halting
>    [6503]r0  0x00000000 r1  0x00000000 r2  0xdcea0ffc r3  0xdcea0ffc
>    [6509]r4  0xb9ab0bfd r5  0xdcea0ffc r6  0xdcea0ff8 r7  0xdce80000
>    [6515]r8  0x00000000 r9  0x00000000 r10 0x00000000 r11 0xb9a98000
>    [6522]r12 0xdcea1000 usp 0x00000000 ulr 0x00000000 pc  0x820149bc
>    [6528]spsr 0x400001f3
> and the memory addresses of some variables at the moment are
>     ref:0xdcea0ffc, op:0xdcea0ffc, oend:0xdcea1000
> 
> As you can see, COPYLENGTH is 8 bytes, so @ref and @op can access the memory
> over @oend.
> 
> Signed-off-by: tom.yeon <tom.yeon@...driver.com>

Reviewed-by: David Sterba <dsterba@...e.cz>

Matches implementation in lz4 upstream.

Btw, why is it a reply and not a standalone patch? I don't seem to find
any prior message in relevant mailing lists.
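
The failure mode in the quoted report, as an added C example that is not part of this thread and is neither the kernel patch nor upstream lz4 code: a fast copy that moves COPYLENGTH bytes per stride can touch bytes past @oend when less than one stride of room remains, so the helper below uses the stride loop only when its whole span fits and copies byte by byte otherwise. The names `wild_span`, `match_copy` and `demo_tail` are hypothetical, and the buffer in `demo_tail` is constructed to leave 4 bytes before the end, like the op/oend pair in the report.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define COPYLENGTH 8 /* stride of the fast copy, named in the quoted message */

/* Bytes a do/while stride copy touches: len rounded up to whole strides. */
static size_t wild_span(size_t len)
{
    return len ? (len + COPYLENGTH - 1) / COPYLENGTH * COPYLENGTH : COPYLENGTH;
}

/* Hypothetical helper: copy len bytes from offset back (both untrusted) into
 * [dst, oend). Returns 0 and advances *op_p, or -1 with nothing written. */
static int match_copy(uint8_t *dst, uint8_t *oend, uint8_t **op_p,
                      size_t offset, size_t len)
{
    uint8_t *op = *op_p, *cpy;
    const uint8_t *ref;
    if (offset == 0 || offset > (size_t)(op - dst))
        return -1; /* ref would fall outside the data produced so far */
    if (len > (size_t)(oend - op))
        return -1; /* match would run past oend */
    ref = op - offset;
    cpy = op + len;
    if (offset >= COPYLENGTH && wild_span(len) <= (size_t)(oend - op)) {
        do { /* fast path: even the overshoot ends at or before oend */
            memcpy(op, ref, COPYLENGTH);
            op += COPYLENGTH;
            ref += COPYLENGTH;
        } while (op < cpy);
    } else {
        while (op < cpy) /* near oend or overlapping: exact byte copy */
            *op++ = *ref++;
    }
    *op_p = cpy;
    return 0;
}

/* Constructed case like the report: 4 bytes left before oend, guard after. */
static int demo_tail(void)
{
    uint8_t buf[33], *op = buf + 28; /* buf[32] is the guard byte */
    memset(buf, 'A', 32);
    buf[32] = 0x5a;
    return match_copy(buf, buf + 32, &op, 16, 4) == 0 &&
           op == buf + 32 && buf[32] == 0x5a;
}

int main(void) { return demo_tail() ? 0 : 1; }
```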