lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <173957282830.385288.5820409491649052216.b4-ty@kernel.dk>
Date: Fri, 14 Feb 2025 15:40:28 -0700
From: Jens Axboe <axboe@...nel.dk>
To: Jann Horn <jannh@...gle.com>
Cc: linux-block@...r.kernel.org, linux-kernel@...r.kernel.org, 
 stable@...r.kernel.org
Subject: Re: [PATCH] partitions: mac: fix handling of bogus partition table


On Fri, 14 Feb 2025 02:39:50 +0100, Jann Horn wrote:
> Fix several issues in partition probing:
> 
>  - The bailout for a bad partoffset must use put_dev_sector(), since the
>    preceding read_part_sector() succeeded.
>  - If the partition table claims a silly sector size like 0xfff bytes
>    (which results in partition table entries straddling sector boundaries),
>    bail out instead of accessing out-of-bounds memory.
>  - We must not assume that the partition table contains proper NUL
>    termination - use strnlen() and strncmp() instead of strlen() and
>    strcmp().
> 
> [...]

Applied, thanks!

[1/1] partitions: mac: fix handling of bogus partition table
      commit: 80e648042e512d5a767da251d44132553fe04ae0

Best regards,
-- 
Jens Axboe

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ