| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 18 Aug 2019 11:03:53 +0200 (CEST)
From: Richard Weinberger <richard@....at>
To: Gao Xiang <hsiangkao@....com>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Al Viro <viro@...iv.linux.org.uk>,
linux-fsdevel <linux-fsdevel@...r.kernel.org>,
devel <devel@...verdev.osuosl.org>,
linux-erofs <linux-erofs@...ts.ozlabs.org>,
linux-kernel <linux-kernel@...r.kernel.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Stephen Rothwell <sfr@...b.auug.org.au>, tytso <tytso@....edu>,
Pavel Machek <pavel@...x.de>, David Sterba <dsterba@...e.cz>,
Amir Goldstein <amir73il@...il.com>,
Christoph Hellwig <hch@...radead.org>,
Darrick <darrick.wong@...cle.com>,
Dave Chinner <david@...morbit.com>,
Jaegeuk Kim <jaegeuk@...nel.org>, Jan Kara <jack@...e.cz>,
torvalds <torvalds@...ux-foundation.org>,
Chao Yu <yuchao0@...wei.com>, Miao Xie <miaoxie@...wei.com>,
Li Guifu <bluce.liguifu@...wei.com>,
Fang Wei <fangwei1@...wei.com>,
Gao Xiang <gaoxiang25@...wei.com>
Subject: Re: [PATCH] erofs: move erofs out of staging
----- Ursprüngliche Mail -----
> I agree with you, but what can we do now is trying our best to fuzz
> all the fields.
>
> So, what is your opinion about EROFS?
All I'm saying is that you should not blindly trust the disk.
Another thing that raises my attention is in superblock_read():
memcpy(sbi->volume_name, layout->volume_name,
sizeof(layout->volume_name));
Where do you check whether ->volume_name has a NUL terminator?
Currently this field has no user, maybe will add a check upon usage.
But this kind of things makes me wonder.
Thanks,
//richard
Powered by blists - more mailing lists