lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <m2im7pyf9s.wl-thehajime@gmail.com>
Date:   Fri, 22 Jan 2021 09:41:19 +0900
From:   Hajime Tazaki <thehajime@...il.com>
To:     paullawrence@...gle.com
Cc:     jdike@...toit.com, richard@....at, anton.ivanov@...bridgegreys.com,
        krisman@...labora.com, chris.obbard@...labora.com,
        linux-um@...ts.infradead.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] um: ubd: Fix crash from option parsing


Hello,

On Wed, 20 Jan 2021 03:19:45 +0900,
Paul Lawrence wrote:
> 
> Below patch will cause NULL ptr dereferences if the optional filenames
> are not present.
> 
> Fixes: ef3ba87cb7c9 (um: ubd: Set device serial attribute from cmdline)
> Signed-off-by: Paul Lawrence <paullawrence@...gle.com>

This was addressed/fixed by the below patch, though that one doesn't
the first "file" variable check.

http://lists.infradead.org/pipermail/linux-um/2020-December/000983.html

There was another attempt to fix (with the same diff), btw.

http://lists.infradead.org/pipermail/linux-um/2021-January/000998.html

It seems that the patch is already queued but not upstreamed yet.

-- Hajime

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ