| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20171129145603.3adf4f0ba2bc9d4a4698d552@linux-foundation.org>
Date: Wed, 29 Nov 2017 14:56:03 -0800
From: Andrew Morton <akpm@...ux-foundation.org>
To: Andrei Vagin <avagin@...tuozzo.com>
Cc: Alexey Dobriyan <adobriyan@...il.com>,
linux-kernel@...r.kernel.org, xemul@...tuozzo.com
Subject: Re: proc: fix /proc/*/map_files lookup
On Mon, 27 Nov 2017 21:29:25 -0800 Andrei Vagin <avagin@...tuozzo.com> wrote:
> On Tue, Nov 21, 2017 at 12:27:06AM +0300, Alexey Dobriyan wrote:
> > Current code does:
> >
> > if (sscanf(dentry->d_name.name, "%lx-%lx", start, end) != 2)
> >
> > However sscanf() is broken garbage.
> >
> > It silently accepts whitespace between format specifiers
> > (did you know that?).
> >
> > It silently accepts valid strings which result in integer overflow.
> >
> > Do not use sscanf() for any even remotely reliable parsing code.
>
> This patch breaks criu, criu has one places where a file name is generated
> as map_files/%p-%p
>
> openat(1048572, "map_files/0x7f9912dd5000-0x7f9912de4000", O_RDWR) = -1 ENOENT (No such file or directory) <0.000015>
>
> And this code worked before this patch and it doesn't work with this
> patch. And you have to know that we never break user-space programs ;)
>
> But seriously, the patch looks good to me, but I would prefer to not queue
> it into stable kernels.
The patch breaks CRIU but you're OK with merging it? How does that work ;)
Now I'm worried that it will break other things.
Powered by blists - more mailing lists