Date: Tue, 26 Apr 2016 17:37:54 -0400 From: Shawn Webb <shawn.webb@hardenedbsd.org> To: Kristof Provost <kp@FreeBSD.org> Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r298664 - head/sys/fs/msdosfs Message-ID: <20160426213754.GD13055@mutt-hardenedbsd> In-Reply-To: <2190C480-1B7A-47F8-BFB4-D7C8E6F25385@FreeBSD.org> References: <201604262036.u3QKaWto038435@repo.freebsd.org> <20160426210138.GA13055@mutt-hardenedbsd> <2190C480-1B7A-47F8-BFB4-D7C8E6F25385@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--6Nae48J/T25AfBN4 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Apr 26, 2016 at 11:05:38PM +0200, Kristof Provost wrote: >=20 > > On 26 Apr 2016, at 23:01, Shawn Webb <shawn.webb@hardenedbsd.org> wrote: > >=20 > > On Tue, Apr 26, 2016 at 08:36:32PM +0000, Kristof Provost wrote: > >> Author: kp > >> Date: Tue Apr 26 20:36:32 2016 > >> New Revision: 298664 > >> URL: https://svnweb.freebsd.org/changeset/base/298664 > >>=20 > >> Log: > >> msdosfs: Prevent buffer overflow when expanding win95 names > >>=20 > >> In win2unixfn() we expand Windows 95 style long names. In some cases = that > >> requires moving the data in the nbp->nb_buf buffer backwards to make = room. That > >> code failed to check for overflows, leading to a stack overflow in wi= n2unixfn(). > >>=20 > >> We now check for this event, and mark the entire conversion as failed= in that > >> case. This means we present the 8 character, dos style, name instead. > >>=20 > >> PR: 204643 > >> Differential Revision: https://reviews.freebsd.org/D6015 > >=20 > > Will this be MFC'd? Since it's triggerable as non-root, should this have > > a CVE? Though the commit log shows technical comments, it doesn't show > > related security information. >=20 > Yes, I???ll put MFCing this on my todo list. When do you plan to MFC? --=20 Shawn Webb HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE --6Nae48J/T25AfBN4 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJXH9+wAAoJEGqEZY9SRW7uMIoP/1nsAPZZxMOh9AGsY2XxDK30 rK6TTSunMueANUVY8P25xrHlt6pIkneUDZbiFglhQt+S0LVvbisXuPxQrMnomYvw Nrn+HhaWtCL0YjYSF9wIeX6aO4qJwpABFMrgs5rpnczFVAMU2gBTW2G1GdoF6CPm l0i+0gumvgI37Mqz1gowjFN/eIQLFr/qiugqG9ubBn3UwD5Shx5VCxeMGyGXzsuK PA05Q65ScG6Mv675R4Mig9saChvBLUOrXPblu+WN+62JlvaHfyxx1Y5q8CLmGUdE 0xqQpqvmRxzP41uQyMQYjDnoOilyMiAPiXc4DMZMY4XXaNls3oP9PRltCmYxw9Pz aV+in6PfdJ5bJeHsuUk/00VnkaS97SfLN5w+c/1EE+uVeGDexyulT2wJPuzho724 bo3hVWILpPc9vylAn+T1uTDh5XhHJyf/Su9Bb6J9YPitI5MYhI5qS+w3w7PFToqC D6o5cYznfq6M4PASGXD4T1YBuGeOHzTr8IPdxskKJiMAGgGCPcYTyuJKj2dxtffw TxhaEfg+YxIrRiK8iv+WUu0uxscQAPqxzoLatjBujGqko3RfB3UCkhQ4TdmVYmXL bRtaWwayxHh5q7zv0djOcVu9QbqtIQ7lNCGYm+el3Vu0jDfQoe0vCRkjF0SIntzP /tt0VGkq3YkapavIHxzp =i2Th -----END PGP SIGNATURE----- --6Nae48J/T25AfBN4--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20160426213754.GD13055>