| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20110401122938.GA2908@midget.suse.cz> Date: Fri, 1 Apr 2011 14:29:38 +0200 From: Jiri Bohac <jbohac@...e.cz> To: Jiri Bohac <jbohac@...e.cz> Cc: Ben Hutchings <ben@...adent.org.uk>, Dan Rosenberg <drosenberg@...curity.com>, ralf@...ux-mips.org, davem@...emloft.net, netdev@...r.kernel.org, security@...nel.org Subject: Re: [PATCH v2] ROSE: prevent heap corruption with bad facilities On Thu, Mar 31, 2011 at 08:02:25PM +0200, Jiri Bohac wrote: > However, I wonder how much sense it makes to continue parsing the > facilities if an unknown facility family appears. We don't know > the length of its data, so we will interpret each 16 bytes a new oops, typo: s/16 bytes a new/16 bits as a new/ > facilities header, hopefully soon bailing out on *p != 0x00. > > In case of a long packet where every other byte is zero, the loop > will spam the kernel log with the printk ... which could probably > be classified as a security problem on its own. So how about the > following instead? I have no idea if this breaks some rose > specification, though. -- Jiri Bohac <jbohac@...e.cz> SUSE Labs, SUSE CZ -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists