| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20180319135612.GA2465@kroah.com>
Date: Mon, 19 Mar 2018 14:56:13 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: Dan Carpenter <dan.carpenter@...cle.com>
Cc: Petr Vandrovec <petr@...drovec.name>,
Philippe Ombredanne <pombredanne@...b.com>,
Stephen Hemminger <stephen@...workplumber.org>,
Thomas Gleixner <tglx@...utronix.de>,
"David S. Miller" <davem@...emloft.net>,
devel@...verdev.osuosl.org, netdev@...r.kernel.org,
security@...nel.org
Subject: Re: [PATCH] ncpfs: memory corruption in ncp_read_kernel()
On Mon, Mar 19, 2018 at 02:07:45PM +0300, Dan Carpenter wrote:
> If the server is malicious then *bytes_read could be larger than the
> size of the "target" buffer. It would lead to memory corruption when we
> do the memcpy().
>
> Reported-by: Dr Silvio Cesare of InfoSect <Silvio Cesare <silvio.cesare@...il.com>
> Signed-off-by: Dan Carpenter <dan.carpenter@...cle.com>
>
> diff --git a/drivers/staging/ncpfs/ncplib_kernel.c b/drivers/staging/ncpfs/ncplib_kernel.c
> index 804adfebba2f..3e047eb4cc7c 100644
> --- a/drivers/staging/ncpfs/ncplib_kernel.c
> +++ b/drivers/staging/ncpfs/ncplib_kernel.c
Ugh, I have like 2 more months before I delete this code :)
Anyway, nice find, and fix, I'll go queue it up now, thanks.
greg k-h
Powered by blists - more mailing lists