lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20150403173615.GA11233@kroah.com>
Date:	Fri, 3 Apr 2015 19:36:15 +0200
From:	Greg KH <gregkh@...uxfoundation.org>
To:	Krzysztof Kolasa <kkolasa@...soft.pl>
Cc:	Alexander Kuleshov <alex0xax@...il.com>, dsterba@...e.cz,
	tom.yeon@...driver.com, linux-kernel@...r.kernel.org
Subject: Re: [PATCHv2] lz4: fix system halted at boot kernel x86_64
 compressed lz4

On Fri, Apr 03, 2015 at 05:12:47PM +0200, Krzysztof Kolasa wrote:
> Decompression process ends with an error when loading 64bit lz4 kernel:
> 
> Decoding failed
>  -- System halted
> 
> This condition is not needed for 64bit kernel( from the last commit d5e7caf )
> 
> if( ... ||
>     (op + COPYLENGTH) > oend)
>     goto _output_error
> 
> macro LZ4_SECURE_COPY() tests op and does not copy any data
> when op exceeds the value, decompression process is continued.
> 
> added by analogy to lz4_uncompress_unknownoutputsize(...)
> 
> Signed-off-by: Krzysztof Kolasa <kkolasa@...soft.pl>
> Tested-by: Alexander Kuleshov <alex0xax@...il.com>
> ---
>  lib/lz4/lz4_decompress.c | 12 +++++++++++-
>  1 file changed, 11 insertions(+), 1 deletion(-)
> 
> diff --git a/lib/lz4/lz4_decompress.c b/lib/lz4/lz4_decompress.c
> index f0f5c5c..8a742b1 100644
> --- a/lib/lz4/lz4_decompress.c
> +++ b/lib/lz4/lz4_decompress.c
> @@ -139,8 +139,12 @@ static int lz4_uncompress(const char *source, char *dest, int osize)
>              /* Error: request to write beyond destination buffer */
>              if (cpy > oend)
>                  goto _output_error;
> +#if LZ4_ARCH64
> +            if ((ref + COPYLENGTH) > oend)
> +#else
>              if ((ref + COPYLENGTH) > oend ||
>                      (op + COPYLENGTH) > oend)
> +#endif
>                  goto _output_error;
>              LZ4_SECURECOPY(ref, op, (oend - COPYLENGTH));
>              while (op < cpy)
> @@ -270,7 +274,13 @@ static int lz4_uncompress_unknownoutputsize(const char *source, char *dest,
>          if (cpy > oend - COPYLENGTH) {
>              if (cpy > oend)
>                  goto _output_error; /* write outside of buf */
> -
> +#if LZ4_ARCH64
> +            if ((ref + COPYLENGTH) > oend)
> +#else
> +            if ((ref + COPYLENGTH) > oend ||
> +                    (op + COPYLENGTH) > oend)
> +#endif
> +                goto _output_error;
>              LZ4_SECURECOPY(ref, op, (oend - COPYLENGTH));
>              while (op < cpy)
>                  *op++ = *ref++;

All whitespace is messed up, and this patch can not be applied :(

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ