| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 21 Apr 2021 15:55:33 +0200
From: Jan Kara <jack@...e.cz>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: linux-kernel@...r.kernel.org, Wenwen Wang <wang6495@....edu>,
Jan Kara <jack@...e.cz>
Subject: Re: [PATCH 087/190] Revert "udf: fix an uninitialized read bug and
remove dead code"
On Wed 21-04-21 14:59:22, Greg Kroah-Hartman wrote:
> This reverts commit 39416c5872db69859e867fa250b9cbb3f1e0d185.
>
> Commits from @umn.edu addresses have been found to be submitted in "bad
> faith" to try to test the kernel community's ability to review "known
> malicious" changes. The result of these submissions can be found in a
> paper published at the 42nd IEEE Symposium on Security and Privacy
> entitled, "Open Source Insecurity: Stealthily Introducing
> Vulnerabilities via Hypocrite Commits" written by Qiushi Wu (University
> of Minnesota) and Kangjie Lu (University of Minnesota).
>
> Because of this, all submissions from this group must be reverted from
> the kernel tree and will need to be re-reviewed again to determine if
> they actually are a valid fix. Until that work is complete, remove this
> change to ensure that no problems are being introduced into the
> codebase.
>
> Cc: Wenwen Wang <wang6495@....edu>
> Cc: Jan Kara <jack@...e.cz>
> Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Hi Greg!
I'm pretty confident this particular report & fix was valid (in fact it was
me who suggested the particular change). So I don't see point in reverting
it...
Honza
> ---
> fs/udf/namei.c | 15 +++++++++++++++
> 1 file changed, 15 insertions(+)
>
> diff --git a/fs/udf/namei.c b/fs/udf/namei.c
> index f146b3089f3d..77906b679187 100644
> --- a/fs/udf/namei.c
> +++ b/fs/udf/namei.c
> @@ -304,6 +304,21 @@ static struct dentry *udf_lookup(struct inode *dir, struct dentry *dentry,
> if (dentry->d_name.len > UDF_NAME_LEN)
> return ERR_PTR(-ENAMETOOLONG);
>
> +#ifdef UDF_RECOVERY
> + /* temporary shorthand for specifying files by inode number */
> + if (!strncmp(dentry->d_name.name, ".B=", 3)) {
> + struct kernel_lb_addr lb = {
> + .logicalBlockNum = 0,
> + .partitionReferenceNum =
> + simple_strtoul(dentry->d_name.name + 3,
> + NULL, 0),
> + };
> + inode = udf_iget(dir->i_sb, lb);
> + if (IS_ERR(inode))
> + return inode;
> + } else
> +#endif /* UDF_RECOVERY */
> +
> fi = udf_find_entry(dir, &dentry->d_name, &fibh, &cfi);
> if (IS_ERR(fi))
> return ERR_CAST(fi);
> --
> 2.31.1
>
--
Jan Kara <jack@...e.com>
SUSE Labs, CR
Powered by blists - more mailing lists