lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1471973727.13300.162.camel@decadent.org.uk>
Date:   Tue, 23 Aug 2016 18:35:27 +0100
From:   Ben Hutchings <ben@...adent.org.uk>
To:     David Miller <davem@...emloft.net>, luis.henriques@...onical.com
Cc:     avijitnsec@...eaurora.org, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: CVE-2014-9900 fix is not upstream

On Tue, 2016-08-23 at 09:40 -0700, David Miller wrote:
> From: Luis Henriques <luis.henriques@...onical.com>
> Date: Tue, 23 Aug 2016 14:41:07 +0100
> 
> > Digging through some old CVEs I came across this one that doesn't
> seem be
> > in mainline.  Was there a good reason for not being sent upstream? 
> Maybe it was
> > rejected for some reason and I failed to find the discussion.
> 
> Because the patch is completely bogus, and thus so is the CVE.
> 
> The variable initializer clears out the entire structure.
> 
> Until you can show compiler output from gcc that shows it not
> initializing the structure I will not apply this patch because I know
> that it faithfully does.

On some versions and architectures.  Can you guarantee that you will
notice when an exception appears?

Ben.

-- 
Ben Hutchings
The program is absolutely right; therefore, the computer must be wrong.

Download attachment "signature.asc" of type "application/pgp-signature" (802 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ