lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Tue, 28 Nov 2017 12:12:44 +0200
From:   Alexey Dobriyan <>
To:     Andrei Vagin <>
Subject: Re: proc: fix /proc/*/map_files lookup

On 11/28/17, Andrei Vagin <> wrote:
> On Tue, Nov 21, 2017 at 12:27:06AM +0300, Alexey Dobriyan wrote:
>> Current code does:
>> 	if (sscanf(dentry->, "%lx-%lx", start, end) != 2)
>> However sscanf() is broken garbage.
>> It silently accepts whitespace between format specifiers
>> (did you know that?).
>> It silently accepts valid strings which result in integer overflow.
>> Do not use sscanf() for any even remotely reliable parsing code.
> This patch breaks criu, criu has one places where a file name is generated
> as map_files/%p-%p

> openat(1048572, "map_files/0x7f9912dd5000-0x7f9912de4000", O_RDWR) = -1

glibc prints null pointer as "(nil)", so %p is broken even if lookup is fixed.

> And this code worked before this patch and it doesn't work with this
> patch. And you have to know that we never break user-space programs ;)

OK :-)

Powered by blists - more mailing lists