From: Kristof Provost
To: Shawn Webb
Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Date: Tue, 26 Apr 2016 23:42:22 +0200
Subject: Re: svn commit: r298664 - head/sys/fs/msdosfs

> On 26 Apr 2016, at 23:37, Shawn Webb wrote:
>
> On Tue, Apr 26, 2016 at 11:05:38PM +0200, Kristof Provost wrote:
>>
>>> On 26 Apr 2016, at 23:01, Shawn Webb wrote:
>>>
>>> On Tue, Apr 26, 2016 at 08:36:32PM +0000, Kristof Provost wrote:
>>>> Author: kp
>>>> Date: Tue Apr 26 20:36:32 2016
>>>> New Revision: 298664
>>>> URL: https://svnweb.freebsd.org/changeset/base/298664
>>>>
>>>> Log:
>>>>   msdosfs: Prevent buffer overflow when expanding win95 names
>>>>
>>>>   In win2unixfn() we expand Windows 95 style long names. In some cases that
>>>>   requires moving the data in the nbp->nb_buf buffer backwards to make room. That
>>>>   code failed to check for overflows, leading to a stack overflow in win2unixfn().
>>>>
>>>>   We now check for this event, and mark the entire conversion as failed in that
>>>>   case. This means we present the 8 character, dos style, name instead.
>>>>
>>>>   PR: 204643
>>>>   Differential Revision: https://reviews.freebsd.org/D6015
>>>
>>> Will this be MFC'd? Since it's triggerable as non-root, should this have
>>> a CVE? Though the commit log shows technical comments, it doesn't show
>>> related security information.
>>
>> Yes, I’ll put MFCing this on my todo list.
>
> When do you plan to MFC?

I’d originally planned to do so around Monday, but I can try to do it earlier.
Iirc. the usual minimal period is 3 days, so that’d be Friday evening (for me).
I’m travelling Friday/Saturday/Sunday, so it’s hard to give solid promises.

(Unless secteam judges this to be more urgent of course, in which case I’d be
happy to do it earlier.)

Regards,
Kristof
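
The check the commit log describes, as an added example that is not FreeBSD's msdosfs code and not part of this message: a simplified model in which name chunks are prepended into a fixed buffer, and any chunk that would not fit fails the whole conversion so the short DOS-style name is used. The names `namebuf`, `namebuf_prepend` and `pick_name`, the 255-byte capacity and the last-part-first chunk order are assumptions of this sketch.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAMEBUF_MAX 255 /* assumed capacity, for this sketch only */

/* Hypothetical stand-in for a fixed-size name buffer. */
struct namebuf {
    char buf[NAMEBUF_MAX + 1];
    size_t len; /* bytes of name assembled so far */
};

/* Put a chunk in front of what is already there: shift the existing bytes
 * toward the end of the buffer, then copy the chunk into the gap.
 * Returns 0 on success, -1 (buffer untouched) if the result would not fit. */
static int namebuf_prepend(struct namebuf *nb, const char *chunk, size_t n)
{
    /* Written as a subtraction so the comparison itself cannot wrap. */
    if (nb->len > NAMEBUF_MAX || n > NAMEBUF_MAX - nb->len)
        return -1;
    memmove(nb->buf + n, nb->buf, nb->len);
    memcpy(nb->buf, chunk, n);
    nb->len += n;
    nb->buf[nb->len] = '\0';
    return 0;
}

/* Assemble chunks (assumed to arrive last part first). If any chunk does not
 * fit, the whole conversion fails and the short DOS-style name is used. */
static const char *pick_name(struct namebuf *nb, const char *const *chunks,
                             size_t nchunks, const char *short_name)
{
    nb->len = 0;
    nb->buf[0] = '\0';
    for (size_t i = 0; i < nchunks; i++)
        if (namebuf_prepend(nb, chunks[i], strlen(chunks[i])) != 0)
            return short_name;
    return nb->buf;
}

int main(void)
{
    struct namebuf nb;
    /* Constructed sample input, not taken from a real volume. */
    const char *const chunks[] = { "name.txt", "long_file_" };
    puts(pick_name(&nb, chunks, 2, "LONGFI~1.TXT"));
    return 0;
}
```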