lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <Y32sfX54JJbldBIt@codewreck.org>
Date:   Wed, 23 Nov 2022 14:15:41 +0900
From:   Dominique Martinet <asmadeus@...ewreck.org>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     Christian Schoenebeck <linux_oss@...debyte.com>,
        linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
        v9fs-developer@...ts.sourceforge.net
Subject: [GIT PULL] 9p fixes for 6.1-rc7

The following changes since commit f0c4d9fc9cc9462659728d168387191387e903cc:

  Linux 6.1-rc4 (2022-11-06 15:07:11 -0800)

are available in the Git repository at:

  https://github.com/martinetd/linux tags/9p-for-6.1-rc7

for you to fetch changes up to 391c18cf776eb4569ecda1f7794f360fe0a45a26:

  9p/xen: check logical size for buffer size (2022-11-23 14:01:27 +0900)

(yes, that's just now -- sorry, I just noticed a whitespace problem as I
prepared this mail, there's no code change with what was tested and in
-next for a few days)

----------------------------------------------------------------
9p-for-6.1-rc7

Two fixes:
 - 9p now uses a variable size for its recv buffer, but every place
hadn't been updated properly to use it and some buffer overflows
have been found and needed fixing.
There's still one place where msize is incorrectly used in a safety
check (p9_check_errors), but all paths leading to it should already
be avoiding overflows and that patch took a bit more time to get
right for zero-copy requests so I'll send it for 6.2
 - yet another race condition in p9_conn_cancel introduced by a
fix of a syzbot report in the same place, maybe at some point
we'll get it right without burning it all down...

----------------------------------------------------------------
Dominique Martinet (1):
      9p/xen: check logical size for buffer size

GUO Zihua (2):
      9p/fd: Fix write overflow in p9_read_work
      9p/fd: Use P9_HDRSZ for header size

Zhengchao Shao (1):
      9p/fd: fix issue of list_del corruption in p9_fd_cancel()

 net/9p/trans_fd.c  | 24 +++++++++++++-----------
 net/9p/trans_xen.c |  9 +++++++++
 2 files changed, 22 insertions(+), 11 deletions(-)
 9 files changed, 254 insertions(+), 28 deletions(-)
--
Dominique

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ