lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <BEEA84E0-1CF5-4F06-BC5C-A0F97240D76D@kernel.org>
Date: Mon, 22 Jul 2024 00:06:59 -0700
From: Kees Cook <kees@...nel.org>
To: "Darrick J. Wong" <djwong@...nel.org>, "Artem S. Tashkinov" <aros@....com>
CC: Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
 linux-ext4@...r.kernel.org, xcreativ@...il.com, madeisbaer@...or.de,
 justinstitt@...gle.com, keescook@...omium.org,
 linux-hardening@...r.kernel.org
Subject: Re: Linux 6.10 regression resulting in a crash when using an ext4 filesystem



On July 21, 2024 9:19:24 PM PDT, "Darrick J. Wong" <djwong@...nel.org> wrote:
>On Sun, Jul 21, 2024 at 09:10:59PM +0000, Artem S. Tashkinov wrote:
>> Hello,
>> 
>> There are now two bug reports containing very similar if not exactly the
>> same backtraces.
>> 
>> https://bugzilla.kernel.org/show_bug.cgi?id=219072
>> https://bugzilla.kernel.org/show_bug.cgi?id=219078
>> 
>> Theodore, please take a look.
>
>[adding everyone involved in 744a56389f739 ("ext4: replace deprecated
>strncpy with alternatives") to cc]
>
>Is strscpy_pad appropriate if the @src parameter itself is a fixed
>length char[16] which isn't null terminated when the label itself is 16
>chars long?

Nope; it needed memtostr_pad(). I sent the fix back at the end of May, but it only just recently landed:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=be27cd64461c45a6088a91a04eba5cd44e1767ef

-Kees

-- 
Kees Cook

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ