Date: Tue, 26 Apr 2016 17:01:38 -0400
From: Shawn Webb
To: Kristof Provost
Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: Re: svn commit: r298664 - head/sys/fs/msdosfs

On Tue, Apr 26, 2016 at 08:36:32PM +0000, Kristof Provost wrote:
> Author: kp
> Date: Tue Apr 26 20:36:32 2016
> New Revision: 298664
> URL: https://svnweb.freebsd.org/changeset/base/298664
>
> Log:
>   msdosfs: Prevent buffer overflow when expanding win95 names
>
>   In win2unixfn() we expand Windows 95 style long names. In some cases that
>   requires moving the data in the nbp->nb_buf buffer backwards to make room. That
>   code failed to check for overflows, leading to a stack overflow in win2unixfn().
>
>   We now check for this event, and mark the entire conversion as failed in that
>   case. This means we present the 8 character, dos style, name instead.
>
>   PR: 204643
>   Differential Revision: https://reviews.freebsd.org/D6015

Will this be MFC'd? Since it's triggerable as non-root, should this have
a CVE? Though the commit log shows technical comments, it doesn't show
related security information.

Thanks,

-- 
Shawn Webb
HardenedBSD

GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
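
The kind of check the quoted commit log describes, as an added example in a simplified model; it is not the FreeBSD msdosfs code and not part of this e-mail. `struct namebuf`, `namebuf_write()`, `SLOT_CHARS` and `BUF_BYTES` are hypothetical names and sizes assumed for the illustration.

```c
#include <errno.h>
#include <string.h>

#define SLOT_CHARS 13  /* assumed: characters carried by one long-name entry */
#define BUF_BYTES  64  /* assumed capacity, kept small for the demonstration */

struct namebuf {       /* hypothetical stand-in for the name buffer */
	char   buf[BUF_BYTES];
	size_t len;        /* bytes stored so far, all in higher-numbered slots */
	int    last_id;    /* slot written most recently */
};

/*
 * Store one converted chunk in slot `id`. Slots arrive highest id first, so
 * the bytes already stored sit right after this slot and must be moved when
 * the chunk is not exactly SLOT_CHARS long. Returns 0, or an errno value
 * that tells the caller to drop the long name and use the short one.
 */
int
namebuf_write(struct namebuf *nb, const char *chunk, int id)
{
	size_t count = strlen(chunk), off, avail;

	if (id < 0 || (nb->len != 0 && id != nb->last_id - 1))
		return (EINVAL);        /* slots must be contiguous, descending */
	if ((size_t)id > (sizeof(nb->buf) - 1) / SLOT_CHARS)
		return (ENAMETOOLONG);  /* slot starts beyond the buffer */
	off = (size_t)id * SLOT_CHARS;
	/* Checking count + len alone is not enough: position matters too. */
	avail = sizeof(nb->buf) - off - nb->len;
	if (count >= avail)         /* chunk + moved suffix + NUL must fit */
		return (ENAMETOOLONG);
	if (nb->len != 0)
		memmove(nb->buf + off + count, nb->buf + off + SLOT_CHARS, nb->len);
	memcpy(nb->buf + off, chunk, count);
	nb->len += count;
	nb->buf[off + nb->len] = '\0';
	nb->last_id = id;
	return (0);
}

int
main(void)
{
	struct namebuf nb = { .len = 0 };  /* constructed input below */
	if (namebuf_write(&nb, "LAST-13-BYTES", 3) != 0)
		return (1);
	return (namebuf_write(&nb, "expanded-chunk-of-thirty-bytes", 2) != ENAMETOOLONG);
}
```

In the constructed input the two chunks total 43 bytes, which fits in 64, yet the write is refused because the shifted suffix would end past the buffer; the caller then treats the whole conversion as failed.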