Date: Tue, 26 Apr 2016 23:45:50 +0200 From: Oliver Pinter <oliver.pinter@hardenedbsd.org> To: Kristof Provost <kp@freebsd.org> Cc: Shawn Webb <shawn.webb@hardenedbsd.org>, svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org Subject: Re: svn commit: r298664 - head/sys/fs/msdosfs Message-ID: <CAPQ4fftvCr5mOfwS-bpsn9bjN70Csrnwndc-WNukguDKE83deQ@mail.gmail.com> In-Reply-To: <AE739B63-904D-4B17-A963-16BCBDF96868@FreeBSD.org> References: <201604262036.u3QKaWto038435@repo.freebsd.org> <20160426210138.GA13055@mutt-hardenedbsd> <2190C480-1B7A-47F8-BFB4-D7C8E6F25385@FreeBSD.org> <20160426213754.GD13055@mutt-hardenedbsd> <AE739B63-904D-4B17-A963-16BCBDF96868@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 4/26/16, Kristof Provost <kp@freebsd.org> wrote: > >> On 26 Apr 2016, at 23:37, Shawn Webb <shawn.webb@hardenedbsd.org> wrote: >> >> On Tue, Apr 26, 2016 at 11:05:38PM +0200, Kristof Provost wrote: >>> >>>> On 26 Apr 2016, at 23:01, Shawn Webb <shawn.webb@hardenedbsd.org> >>>> wrote: >>>> >>>> On Tue, Apr 26, 2016 at 08:36:32PM +0000, Kristof Provost wrote: >>>>> Author: kp >>>>> Date: Tue Apr 26 20:36:32 2016 >>>>> New Revision: 298664 >>>>> URL: https://svnweb.freebsd.org/changeset/base/298664 >>>>> >>>>> Log: >>>>> msdosfs: Prevent buffer overflow when expanding win95 names >>>>> >>>>> In win2unixfn() we expand Windows 95 style long names. In some cases >>>>> that >>>>> requires moving the data in the nbp->nb_buf buffer backwards to make >>>>> room. That >>>>> code failed to check for overflows, leading to a stack overflow in >>>>> win2unixfn(). >>>>> >>>>> We now check for this event, and mark the entire conversion as failed >>>>> in that >>>>> case. This means we present the 8 character, dos style, name instead. >>>>> >>>>> PR: 204643 >>>>> Differential Revision: https://reviews.freebsd.org/D6015 >>>> >>>> Will this be MFC'd? Since it's triggerable as non-root, should this >>>> have >>>> a CVE? Though the commit log shows technical comments, it doesn't show >>>> related security information. >>> >>> Yes, I???ll put MFCing this on my todo list. >> >> When do you plan to MFC? > > I=E2=80=99d originally planned to do so around Monday, but I can try to d= o it > earlier. > Iirc. the usual minimal period is 3 days, so that=E2=80=99d be Friday eve= ning (for > me). > > I=E2=80=99m travelling Friday/Saturday/Sunday, so it=E2=80=99s hard to gi= ve solid promises. > > (Unless secteam judges this to be more urgent of course, in which case I= =E2=80=99d > be happy to do it earlier.) Cool! Thank you Kristof. We test them now in HardenedBSD with more updates from 11-CURRENT. https://github.com/HardenedBSD/hardenedBSD/commits/hardened/10-stable/maste= r > > Regards, > Kristof > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAPQ4fftvCr5mOfwS-bpsn9bjN70Csrnwndc-WNukguDKE83deQ>