Date: Tue, 26 Apr 2016 23:45:50 +0200
Subject: Re: svn commit: r298664 - head/sys/fs/msdosfs
From: Oliver Pinter
To: Kristof Provost
Cc: Shawn Webb, svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
List-Id: SVN commit messages for the src tree for head/-current

On 4/26/16, Kristof Provost wrote:
>
>> On 26 Apr 2016, at 23:37, Shawn Webb wrote:
>>
>> On Tue, Apr 26, 2016 at 11:05:38PM +0200, Kristof Provost wrote:
>>>
>>>> On 26 Apr 2016, at 23:01, Shawn Webb wrote:
>>>>
>>>> On Tue, Apr 26, 2016 at 08:36:32PM +0000, Kristof Provost wrote:
>>>>> Author: kp
>>>>> Date: Tue Apr 26 20:36:32 2016
>>>>> New Revision: 298664
>>>>> URL: https://svnweb.freebsd.org/changeset/base/298664
>>>>>
>>>>> Log:
>>>>>   msdosfs: Prevent buffer overflow when expanding win95 names
>>>>>
>>>>>   In win2unixfn() we expand Windows 95 style long names. In some cases
>>>>>   that requires moving the data in the nbp->nb_buf buffer backwards to
>>>>>   make room. That code failed to check for overflows, leading to a
>>>>>   stack overflow in win2unixfn().
>>>>>
>>>>>   We now check for this event, and mark the entire conversion as failed
>>>>>   in that case. This means we present the 8 character, dos style, name
>>>>>   instead.
>>>>>
>>>>>   PR: 204643
>>>>>   Differential Revision: https://reviews.freebsd.org/D6015
>>>>
>>>> Will this be MFC'd? Since it's triggerable as non-root, should this
>>>> have a CVE? Though the commit log shows technical comments, it doesn't
>>>> show related security information.
>>>
>>> Yes, I’ll put MFCing this on my todo list.
>>
>> When do you plan to MFC?
>
> I’d originally planned to do so around Monday, but I can try to do it
> earlier.
> Iirc. the usual minimal period is 3 days, so that’d be Friday evening
> (for me).
>
> I’m travelling Friday/Saturday/Sunday, so it’s hard to give solid
> promises.
>
> (Unless secteam judges this to be more urgent of course, in which case
> I’d be happy to do it earlier.)

Cool! Thank you Kristof.
We test them now in HardenedBSD with more updates from 11-CURRENT.

https://github.com/HardenedBSD/hardenedBSD/commits/hardened/10-stable/master

>
> Regards,
> Kristof
>
>
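
Added example, not part of the e-mail thread and not the FreeBSD msdosfs code: a simplified C model of the fix the quoted commit log describes, where data already in a fixed-size name buffer is moved to make room and a result that would not fit fails the whole conversion, so the short name is presented instead. The names namebuf, namebuf_write and expand_name, the 32-byte capacity and the last-slot-first write order are assumptions of this model.

```c
#include <stddef.h>
#include <string.h>

#define SLOT_CHARS 13   /* nominal bytes contributed by one long-name entry */
#define NAME_BYTES 32   /* constructed capacity, kept small for the demo */

struct namebuf {
    char   buf[NAME_BYTES + 1];  /* +1 for the terminating NUL */
    size_t len;                  /* bytes stored so far (the suffix) */
};

/*
 * Store the text of slot `id`. Slots arrive highest id first (assumption), so
 * anything already stored is the suffix that follows this slot. Returns 0 on
 * success, -1 if the slot plus the suffix would not fit in buf.
 */
int namebuf_write(struct namebuf *nb, const char *part, size_t id)
{
    size_t count = strlen(part);
    size_t off = id * SLOT_CHARS;

    /* The check: refuse before any byte is moved or copied. */
    if (off > NAME_BYTES || count > NAME_BYTES - off ||
        nb->len > NAME_BYTES - off - count)
        return -1;

    /* Slot is not the nominal size: relocate the suffix to sit right after it. */
    if (count != SLOT_CHARS && nb->len != 0)
        memmove(nb->buf + off + count, nb->buf + off + SLOT_CHARS, nb->len);
    memcpy(nb->buf + off, part, count);
    nb->len += count;
    nb->buf[off + nb->len] = '\0';
    return 0;
}

/* Build the long name from n parts; on any failure return short_name. */
const char *expand_name(struct namebuf *nb, const char *const parts[],
                        size_t n, const char *short_name)
{
    nb->len = 0;
    nb->buf[0] = '\0';
    for (size_t id = n; id-- > 0; )
        if (namebuf_write(nb, parts[id], id) != 0)
            return short_name;   /* whole conversion marked as failed */
    return nb->buf;
}
```

Without the size check in namebuf_write, the memmove for an oversized slot would write past the end of buf, which is the class of overflow the commit log reports.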