Date:      Tue, 26 Apr 2016 23:42:22 +0200
From:      Kristof Provost <kp@FreeBSD.org>
To:        Shawn Webb <shawn.webb@hardenedbsd.org>
Cc:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   Re: svn commit: r298664 - head/sys/fs/msdosfs
Message-ID:  <AE739B63-904D-4B17-A963-16BCBDF96868@FreeBSD.org>
In-Reply-To: <20160426213754.GD13055@mutt-hardenedbsd>
References:  <201604262036.u3QKaWto038435@repo.freebsd.org> <20160426210138.GA13055@mutt-hardenedbsd> <2190C480-1B7A-47F8-BFB4-D7C8E6F25385@FreeBSD.org> <20160426213754.GD13055@mutt-hardenedbsd>



> On 26 Apr 2016, at 23:37, Shawn Webb <shawn.webb@hardenedbsd.org> wrote:
>
> On Tue, Apr 26, 2016 at 11:05:38PM +0200, Kristof Provost wrote:
>>
>>> On 26 Apr 2016, at 23:01, Shawn Webb <shawn.webb@hardenedbsd.org> wrote:
>>>
>>> On Tue, Apr 26, 2016 at 08:36:32PM +0000, Kristof Provost wrote:
>>>> Author: kp
>>>> Date: Tue Apr 26 20:36:32 2016
>>>> New Revision: 298664
>>>> URL: https://svnweb.freebsd.org/changeset/base/298664
>>>>
>>>> Log:
>>>> msdosfs: Prevent buffer overflow when expanding win95 names
>>>>
>>>> In win2unixfn() we expand Windows 95 style long names. In some cases that
>>>> requires moving the data in the nbp->nb_buf buffer backwards to make room. That
>>>> code failed to check for overflows, leading to a stack overflow in win2unixfn().
>>>>
>>>> We now check for this event, and mark the entire conversion as failed in that
>>>> case. This means we present the 8 character, dos style, name instead.
>>>>
>>>> PR: 204643
>>>> Differential Revision:	https://reviews.freebsd.org/D6015
>>>
>>> Will this be MFC'd? Since it's triggerable as non-root, should this have
>>> a CVE? Though the commit log shows technical comments, it doesn't show
>>> related security information.
>>
>> Yes, I’ll put MFCing this on my todo list.
>
> When do you plan to MFC?

I’d originally planned to do so around Monday, but I can try to do it earlier.
Iirc. the usual minimal period is 3 days, so that’d be Friday evening (for me).

I’m travelling Friday/Saturday/Sunday, so it’s hard to give solid promises.

(Unless secteam judges this to be more urgent of course, in which case I’d be happy to do it earlier.)

Regards,
Kristof

