Date: Sun, 31 Jan 2021 09:35:31 -0800
From: Gordon Tetlow <gordon@tetlows.org>
To: Andrea Venturoli <ml@netfence.it>
Cc: freebsd-security@freebsd.org
Subject: Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-21:01.fsdisclosure
Message-ID: <6260D94B-3CC6-48CB-AA5A-7438D1E39679@tetlows.org>
In-Reply-To: <15879d07-6563-f762-c93c-cf91c9516ce7@netfence.it>
References: <20210129022826.C82C91DB44@freefall.freebsd.org> <f32df288-0d05-0ece-52e5-042fe93d6940@quip.cz> <15879d07-6563-f762-c93c-cf91c9516ce7@netfence.it>

> On Jan 31, 2021, at 7:25 AM, Andrea Venturoli <ml@netfence.it> wrote:
>
> On 1/31/21 12:29 PM, Miroslav Lachman wrote:
>
>>> Several file systems were not properly initializing the d_off field of
>>> the dirent structures returned by VOP_READDIR. In particular, tmpfs(5),
>>> smbfs(5), autofs(5) and mqueuefs(5) were failing to do so. As a result,
>>> eight uninitialized kernel stack bytes may be leaked to userspace by
>>> these file systems. This problem is not present in FreeBSD 11.
>> There is a Corrected in: stable/11, 11.4-STABLE and releng/11.4, 11.4-RELEASE-p7, but later is a statement "This problem is not present in FreeBSD 11".
>> What is true? Is it fixed in newer patchlevel of FreeBSD 11.4 or it was not present in 11.x at all?
>
> My understanding is that the problem described in that paragraph does not affect 11.x, but the next one does (and is "Corrected...").
>
> I.e. 11.x is affected by:
>
>> Additionally, msdosfs(5) was failing to zero-fill a pair of padding
>> fields in the dirent structure, resulting in a leak of three
>> uninitialized bytes.
>
>
> Is that right?

This is correct. If you look at the patch cited for 11.x, it only has a fix applied to msdosfs(5).

Best regards,
Gordon
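
The two leaks discussed in this thread, as an added user-space example (not part of the original message and not FreeBSD kernel code). The `model_dirent` struct is constructed: its layout and the `d_pad0`/`d_pad1` names are assumptions. It is pre-filled with a marker byte standing in for stale kernel stack data, then populated the way each bug class does, and the surviving marker bytes are what would be copied out to userspace.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a directory entry; layout is an assumption. */
struct model_dirent {
    uint64_t d_fileno;
    int64_t  d_off;       /* 8 bytes: the field left unset in the first bug */
    uint16_t d_reclen;
    uint8_t  d_type;
    uint8_t  d_pad0;      /* 1 byte  \ the "pair of padding fields", */
    uint16_t d_namlen;
    uint16_t d_pad1;      /* 2 bytes / three bytes in total */
    char     d_name[16];
};

#define STALE 0xA5        /* stands in for leftover stack contents */
enum fill_mode { FILL_SKIP_OFF, FILL_SKIP_PAD, FILL_ZEROED };

static void fill_entry(struct model_dirent *de, enum fill_mode mode, const char *name)
{
    size_t len = strlen(name);
    if (len >= sizeof(de->d_name)) len = sizeof(de->d_name) - 1;
    if (mode == FILL_ZEROED)
        memset(de, 0, sizeof(*de));        /* hardened: zero everything first */
    de->d_fileno = 2;
    de->d_reclen = (uint16_t)sizeof(*de);
    de->d_type = 8;
    de->d_namlen = (uint16_t)len;
    memset(de->d_name, 0, sizeof(de->d_name));
    memcpy(de->d_name, name, len);
    if (mode != FILL_SKIP_OFF) de->d_off = 1;                    /* first bug omits this */
    if (mode == FILL_SKIP_OFF) { de->d_pad0 = 0; de->d_pad1 = 0; } /* second bug omits this */
}

/* Poison the buffer, fill it, and count marker bytes that would reach userspace. */
static size_t stale_bytes(enum fill_mode mode)
{
    struct model_dirent de;
    const unsigned char *p = (const unsigned char *)&de;
    size_t i, n = 0;
    memset(&de, STALE, sizeof(de));
    fill_entry(&de, mode, "file.txt");
    for (i = 0; i < sizeof(de); i++) if (p[i] == STALE) n++;
    return n;
}

int main(void)
{
    printf("d_off unset: %zu, padding unset: %zu, zero-filled: %zu\n",
           stale_bytes(FILL_SKIP_OFF), stale_bytes(FILL_SKIP_PAD), stale_bytes(FILL_ZEROED));
    return 0;
}
```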
