lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CADhLXY6fMO51pxc1P00F3g9PccNvXwOPd+g0FxeHq1FYGR3Xng@mail.gmail.com>
Date: Sat, 24 Jan 2026 08:16:25 +0530
From: Deepanshu Kartikey <kartikey406@...il.com>
To: Viacheslav Dubeyko <Slava.Dubeyko@....com>
Cc: "glaubitz@...sik.fu-berlin.de" <glaubitz@...sik.fu-berlin.de>, "frank.li@...o.com" <frank.li@...o.com>, 
	"slava@...eyko.com" <slava@...eyko.com>, 
	"linux-fsdevel@...r.kernel.org" <linux-fsdevel@...r.kernel.org>, 
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, 
	"syzbot+d80abb5b890d39261e72@...kaller.appspotmail.com" <syzbot+d80abb5b890d39261e72@...kaller.appspotmail.com>
Subject: Re: [PATCH] hfsplus: fix uninit-value in hfsplus_strcasecmp

On Sat, Jan 24, 2026 at 4:51 AM Viacheslav Dubeyko
<Slava.Dubeyko@....com> wrote:
>
>
> If the whole fix will be small, then one patch is better to have. Otherwise,
> patchset could be more better for the review.
>

Hi Slava,

Thank you for the guidance! Based on your feedback and the debug output showing
the partial read (26 bytes read, 520 expected), here's my proposed fix.

I'd appreciate your review before I send the formal patch.

---

The fix includes two changes:

1. Add validation in hfs_brec_read() to reject partial reads:

int hfs_brec_read(struct hfs_find_data *fd, void *rec, u32 rec_len)
{
int res;

res = hfs_brec_find(fd, hfs_find_rec_by_key);
if (res)
return res;
if (fd->entrylength > rec_len)
return -EINVAL;
++ if (fd->entrylength < rec_len) {
++ pr_err("hfsplus: incomplete catalog record (got %u, expected %u)\n",
++        fd->entrylength, rec_len);
++ return -EINVAL;
++ }
hfs_bnode_read(fd->bnode, rec, fd->entryoffset, fd->entrylength);
return 0;
}

2. Initialize tmp in hfsplus_find_cat() as defensive programming:

int hfsplus_find_cat(struct super_block *sb, u32 cnid,
     struct hfs_find_data *fd)
{
-- hfsplus_cat_entry tmp;
++ hfsplus_cat_entry tmp = {0};
int err;
u16 type;
...
}

---

Does this look correct to you? Should I proceed with this approach, or would
you suggest any modifications?


Thanks,
Deepanshu

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ