| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <pndwmhe1ypu.fsf@axis.com>
Date: Thu, 7 Nov 2024 23:11:09 +0100
From: Waqar Hameed <waqar.hameed@...s.com>
To: Zhihao Cheng <chengzhihao1@...wei.com>
CC: Richard Weinberger <richard@....at>, Sascha Hauer
<s.hauer@...gutronix.de>, <kernel@...s.com>, <linux-mtd@...ts.infradead.org>,
<linux-kernel@...r.kernel.org>
Subject: Re: [PATCH RFC] ubifs: Fix use-after-free in ubifs_tnc_end_commit
On Thu, Nov 07, 2024 at 15:14 +0800 Zhihao Cheng <chengzhihao1@...wei.com> wrote:
> 在 2024/11/7 0:36, Waqar Hameed 写道:
[...]
>> Did you manage to reproduce the issue with this?
>
> I tried, but I still cannot reproduce it on my local machine.
That's a bummer! Sometimes it really could take a while. For example, my
last attempt needed 248 iterations (almost 4 hours)...
[...]
> @@ -662,6 +662,10 @@ static int get_znodes_to_commit(struct ubifs_info *c)
> }
> znode->cparent = znode->parent;
> znode->ciip = znode->iip;
> + if (znode->cparent) {
> + ubifs_assert(c, ubifs_zn_dirty(znode->cparent));
> + }
> + ubifs_assert(c, znode->ciip < c->fantout);
> znode->cnext = cnext;
> znode = cnext;
> cnt += 1;
None of the asserts got hit during my last run, but KASAN still
complained.
Powered by blists - more mailing lists