lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <tencent_FFE5365E9608362A4B7474FF76E567C03C09@qq.com>
Date: Tue, 21 May 2024 11:45:24 +0800
From: Edward Adam Davis <eadavis@...com>
To: syzbot+efde959319469ff8d4d7@...kaller.appspotmail.com
Cc: linux-kernel@...r.kernel.org,
	syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [hfs?] KMSAN: uninit-value in copy_name

please test uiv in copy_name

#syz test https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git a5131c3fdf26

diff --git a/fs/hfsplus/unicode.c b/fs/hfsplus/unicode.c
index 73342c925a4b..8e97df12375d 100644
--- a/fs/hfsplus/unicode.c
+++ b/fs/hfsplus/unicode.c
@@ -234,6 +234,7 @@ int hfsplus_uni2asc(struct super_block *sb,
 		}
 done:
 		res = nls->uni2char(cc, op, len);
+		printk("res: %d, cc: %d, op:%p, len: %d, ustrlen: %d, %s\n", res, cc, op, len, ustrlen, __func__);
 		if (res < 0) {
 			if (res == -ENAMETOOLONG)
 				goto out;
diff --git a/fs/hfsplus/xattr.c b/fs/hfsplus/xattr.c
index 9c9ff6b8c6f7..cac1cca468d8 100644
--- a/fs/hfsplus/xattr.c
+++ b/fs/hfsplus/xattr.c
@@ -698,7 +698,7 @@ ssize_t hfsplus_listxattr(struct dentry *dentry, char *buffer, size_t size)
 		return err;
 	}
 
-	strbuf = kmalloc(NLS_MAX_CHARSET_SIZE * HFSPLUS_ATTR_MAX_STRLEN +
+	strbuf = kzalloc(NLS_MAX_CHARSET_SIZE * HFSPLUS_ATTR_MAX_STRLEN +
 			XATTR_MAC_OSX_PREFIX_LEN + 1, GFP_KERNEL);
 	if (!strbuf) {
 		res = -ENOMEM;
@@ -733,6 +733,7 @@ ssize_t hfsplus_listxattr(struct dentry *dentry, char *buffer, size_t size)
 			goto end_listxattr;
 
 		xattr_name_len = NLS_MAX_CHARSET_SIZE * HFSPLUS_ATTR_MAX_STRLEN;
+		printk("sb: %p, xnl: %d, %s\n", strbuf, xattr_name_len, __func__);
 		if (hfsplus_uni2asc(inode->i_sb,
 			(const struct hfsplus_unistr *)&fd.key->attr.key_name,
 					strbuf, &xattr_name_len)) {
@@ -741,6 +742,7 @@ ssize_t hfsplus_listxattr(struct dentry *dentry, char *buffer, size_t size)
 			goto end_listxattr;
 		}
 
+		printk("s:%d, buf:%p, res:%d, sb: %s, xnl: %d, %s\n", size, buffer, res, strbuf, xattr_name_len, __func__);
 		if (!buffer || !size) {
 			if (can_list(strbuf))
 				res += name_len(strbuf, xattr_name_len);


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ