Message-ID: <CAFLxGvzbjTTaoquNb6jZTpSRXYV5=XfAfxg7Be6Cfyqsw+-Gig@mail.gmail.com>
Date:   Mon, 30 Mar 2020 23:31:12 +0200
From:   Richard Weinberger <richard.weinberger@...il.com>
To:     Liu Song <fishland@...yun.com>
Cc:     Richard Weinberger <richard@....at>, linux-mtd@...ts.infradead.org,
        LKML <linux-kernel@...r.kernel.org>, liu.song11@....com.cn
Subject: Re: [PATCH] ubifs: Fix out-of-bounds memory access caused by abnormal
 value of node_len

On Thu, Jan 16, 2020 at 4:37 PM Liu Song <fishland@...yun.com> wrote:
>
> From: Liu Song <liu.song11@....com.cn>
>
> In "ubifs_check_node", when the value of "node_len" is abnormal,
> the code will goto label of "out_len" for execution. Then, in the
> following "ubifs_dump_node", if inode type is "UBIFS_DATA_NODE",
> in "print_hex_dump", an out-of-bounds access may occur due to the
> wrong "ch->len".
>
> Therefore, when the value of "node_len" is abnormal, data length
> should be adjusted to a reasonable safe range. At this time,
> structured data is not credible, so dump the corrupted data directly
> for analysis.
>
> Signed-off-by: Liu Song <liu.song11@....com.cn>

Applied, thanks!

-- 
Thanks,
//richard
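
The failure mode described in the quoted commit message, modelled in user space as an added example (not the applied patch and not UBIFS code): the header layout, `MAX_NODE_SZ` and all function names are hypothetical. The dump length is taken from the header only when it passes validation; otherwise the raw bytes are dumped, bounded by what the buffer really holds.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified on-media header: NOT the real UBIFS layout. */
struct node_hdr {
    uint32_t len;   /* total node length claimed by the media, untrusted */
    uint8_t  type;
};

#define HDR_SZ      sizeof(struct node_hdr)
#define MAX_NODE_SZ 4096u   /* assumed upper bound for a valid node */

/* Returns 1 if the claimed length is plausible for this buffer. */
int node_len_ok(const struct node_hdr *h, size_t avail)
{
    return h->len >= HDR_SZ && h->len <= MAX_NODE_SZ && h->len <= avail;
}

/* Bytes that may be dumped: the structured length only when it is valid,
 * otherwise a raw dump bounded by the bytes actually available. */
size_t safe_dump_len(const void *buf, size_t avail)
{
    struct node_hdr h;
    if (avail < HDR_SZ)
        return avail;                  /* too short to hold a header */
    memcpy(&h, buf, HDR_SZ);           /* avoid unaligned access */
    if (node_len_ok(&h, avail))
        return h.len;
    return avail < MAX_NODE_SZ ? avail : MAX_NODE_SZ;
}

/* Hex-dump at most safe_dump_len() bytes; returns the number dumped. */
size_t dump_node(const void *buf, size_t avail)
{
    const uint8_t *p = buf;
    size_t n = safe_dump_len(buf, avail);
    for (size_t i = 0; i < n; i++)
        printf("%02x%c", p[i], (i % 16 == 15 || i + 1 == n) ? '\n' : ' ');
    return n;
}

int main(void)
{
    uint8_t buf[64] = {0};             /* constructed sample buffer */
    struct node_hdr bad = { .len = 0xFFFFFFF0u, .type = 1 };
    memcpy(buf, &bad, HDR_SZ);         /* corrupted length field */
    printf("dumped %zu bytes\n", dump_node(buf, sizeof(buf)));
    return 0;
}
```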
