lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <2575F983-D170-4B79-A6BA-912D4ED2CC73@dubeyko.com>
Date:   Wed, 4 Jan 2023 16:36:51 -0800
From:   Viacheslav Dubeyko <slava@...eyko.com>
To:     Arnd Bergmann <arnd@...db.de>
Cc:     Linus Torvalds <torvalds@...ux-foundation.org>,
        syzbot <syzbot+7bb7cd3595533513a9e7@...kaller.appspotmail.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        christian.brauner@...ntu.com,
        Damien Le Moal <damien.lemoal@...nsource.wdc.com>,
        Jeff Layton <jlayton@...nel.org>,
        Linux FS Devel <linux-fsdevel@...r.kernel.org>,
        LKML <linux-kernel@...r.kernel.org>,
        syzkaller-bugs@...glegroups.com,
        Matthew Wilcox <willy@...radead.org>,
        ZhangPeng <zhangpeng362@...wei.com>,
        linux-m68k@...ts.linux-m68k.org
Subject: Re: [syzbot] [hfs?] WARNING in hfs_write_inode

Hi Arnd,

> On Jan 4, 2023, at 2:33 PM, Arnd Bergmann <arnd@...db.de> wrote:
> 
> On Wed, Jan 4, 2023, at 20:06, Linus Torvalds wrote:
>> 
>> I suspect this code is basically all dead. From what I can tell, hfs
>> only gets updates for
>> 
>> (a) syzbot reports
>> 
>> (b) vfs interface changes
> 
> There is clearly no new work going into it, and most data exchange
> with MacOS would use HFS+, but I think there are still some users.
> 
>> and the last real changes seem to have been by Ernesto A. Fernández
>> back in 2018.
>> 
>> Hmm. Looking at that code, we have another bug in there, introduced by
>> an earlier fix for a similar issue: commit 8d824e69d9f3 ("hfs: fix OOB
>> Read in __hfs_brec_find") added
>> 
>> +       if (HFS_I(main_inode)->cat_key.CName.len > HFS_NAMELEN)
>> +               return -EIO;
>> 
>> but it's after hfs_find_init(), so it should actually have done a
>> hfs_find_exit() to not leak memory.
>> 
>> So we should probably fix that too.
>> 
>> Something like this ENTIRELY UNTESTED patch?
>> 
>> Do we have anybody who looks at hfs?
> 
> Adding Viacheslav Dubeyko to Cc, he's at least been reviewing
> patches for HFS and HFS+ somewhat recently. The linux-m68k
> list may have some users dual-booting old MacOS.
> 
> Viacheslav, see the start of the thread at
> https://lore.kernel.org/lkml/000000000000dbce4e05f170f289@google.com/
> 

Let me take a look into the issue.

Thanks,
Slava.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ