lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 29 Nov 2017 14:56:03 -0800
From:   Andrew Morton <akpm@...ux-foundation.org>
To:     Andrei Vagin <avagin@...tuozzo.com>
Cc:     Alexey Dobriyan <adobriyan@...il.com>,
        linux-kernel@...r.kernel.org, xemul@...tuozzo.com
Subject: Re: proc: fix /proc/*/map_files lookup

On Mon, 27 Nov 2017 21:29:25 -0800 Andrei Vagin <avagin@...tuozzo.com> wrote:

> On Tue, Nov 21, 2017 at 12:27:06AM +0300, Alexey Dobriyan wrote:
> > Current code does:
> > 
> > 	if (sscanf(dentry->d_name.name, "%lx-%lx", start, end) != 2)
> > 
> > However sscanf() is broken garbage.
> > 
> > It silently accepts whitespace between format specifiers
> > (did you know that?).
> > 
> > It silently accepts valid strings which result in integer overflow.
> > 
> > Do not use sscanf() for any even remotely reliable parsing code.
> 
> This patch breaks criu, criu has one places where a file name is generated
> as map_files/%p-%p
> 
> openat(1048572, "map_files/0x7f9912dd5000-0x7f9912de4000", O_RDWR) = -1 ENOENT (No such file or directory) <0.000015>
> 
> And this code worked before this patch and it doesn't work with this
> patch. And you have to know that we never break user-space programs ;)
> 
> But seriously, the patch looks good to me, but I would prefer to not queue
> it into stable kernels.

The patch breaks CRIU but you're OK with merging it?  How does that work ;)

Now I'm worried that it will break other things.

Powered by blists - more mailing lists