Date: Tue, 26 Apr 2016 17:01:38 -0400 From: Shawn Webb <shawn.webb@hardenedbsd.org> To: Kristof Provost <kp@FreeBSD.org> Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r298664 - head/sys/fs/msdosfs Message-ID: <20160426210138.GA13055@mutt-hardenedbsd> In-Reply-To: <201604262036.u3QKaWto038435@repo.freebsd.org> References: <201604262036.u3QKaWto038435@repo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--tKW2IUtsqtDRztdT Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Apr 26, 2016 at 08:36:32PM +0000, Kristof Provost wrote: > Author: kp > Date: Tue Apr 26 20:36:32 2016 > New Revision: 298664 > URL: https://svnweb.freebsd.org/changeset/base/298664 >=20 > Log: > msdosfs: Prevent buffer overflow when expanding win95 names > =20 > In win2unixfn() we expand Windows 95 style long names. In some cases th= at > requires moving the data in the nbp->nb_buf buffer backwards to make ro= om. That > code failed to check for overflows, leading to a stack overflow in win2= unixfn(). > =20 > We now check for this event, and mark the entire conversion as failed i= n that > case. This means we present the 8 character, dos style, name instead. > =20 > PR: 204643 > Differential Revision: https://reviews.freebsd.org/D6015 Will this be MFC'd? Since it's triggerable as non-root, should this have a CVE? Though the commit log shows technical comments, it doesn't show related security information. Thanks, --=20 Shawn Webb HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE --tKW2IUtsqtDRztdT Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJXH9cwAAoJEGqEZY9SRW7u9DwQAItTkSX4RH+ZPSeJ3MRf2W6e 3HdWTrekLkBru7U9siDhS+U8NZSfS1R9ua44nHDZbqpUBna6x8lBqnxzwAZ6HLZ1 uSEvtuexSxlMPOjqUXurHdAF+ESeOCRmBu9GuCUhcuSeHWCcaot0ZmipKPDP3qfr K6yyDqPKyF6F1lhlRx0f9ql1EfeBNEeZvopv8zi+iUqdyym1TbCp8w8T+sFebRUq J2y9xzjp4YrHVNoRvDsK2j4HTdg4zvhQaT/DBtj8Qt3kSfpPnNVJWV5D5+M58pGQ rts3htnxVKRiZYYJaSAauBm50qt+HHqkbsFKGTjfWXRLIrvwtoqdXxHGEL2hzOx5 +0rPf8icQtz6yGTjv4Q9YHku/Ga0Ki5C/BaMI1ov/WkUG1h/pF4XI67uTFuGoo9N 9oI+91UMFgDjBcgeTvOmM1OZJdALtxZmBnev6RIYIfyTzT7JhkjXQchiup+R/HXK hWoeNACSwFa5Tod4NTHwdq+XpdZNgletu7BGfvd8ysEgBK1ev4NpQv23QATLd+pG 22INiBRsIyT0aT4+I7t2gsRp2jtDc+FXxql/RLRg2iw493OBTUlyhrgicQGF9mtd ViEC8WyAbkWS5CMWNWA0jdmrXi5F2Fw+gX8npEW/d9lRRkipXbQvyAgoxxc3tZ46 J25FTASTZiiHkSiA+OA1 =cq7Y -----END PGP SIGNATURE----- --tKW2IUtsqtDRztdT--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20160426210138.GA13055>