Re: [PATCH 5/9] hfsplus: Known exploit detection for CVE-2012-2319

From: One Thousand Gnomes
Date: Fri Dec 13 2013 - 06:14:07 EST


On Thu, 12 Dec 2013 17:52:28 +0100
vegard.nossum@xxxxxxxxxx wrote:

> From: Vegard Nossum <vegard.nossum@xxxxxxxxxx>
>
> See 6f24f892871acc47b40dd594c63606a17c714f77.
>
> Cc: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
> Signed-off-by: Vegard Nossum <vegard.nossum@xxxxxxxxxx>
> ---
> fs/hfsplus/catalog.c | 2 ++
> fs/hfsplus/dir.c | 3 +++
> 2 files changed, 5 insertions(+)
>
> diff --git a/fs/hfsplus/catalog.c b/fs/hfsplus/catalog.c
> index 968ce41..5f47a1a 100644
> --- a/fs/hfsplus/catalog.c
> +++ b/fs/hfsplus/catalog.c
> @@ -8,6 +8,7 @@
> * Handling of catalog records
> */
>
> +#include <linux/exploit.h>
>
> #include "hfsplus_fs.h"
> #include "hfsplus_raw.h"
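
Review bot: the new #include <linux/exploit.h> at the top of catalog.c arrives with no documentation, since the changelog consists only of "See 6f24f892871acc47b40dd594c63606a17c714f77." Please state in the commit message which condition is being detected and what exploit() reports when it fires, so the change can be reviewed without looking up the referenced commit.
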
> @@ -374,6 +375,7 @@ int hfsplus_rename_cat(u32 cnid,
> if (err)
> goto out;
> if (src_fd.entrylength > sizeof(entry) || src_fd.entrylength < 0) {
> + exploit("CVE-2012-2319");
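
Review bot: exploit("CVE-2012-2319") in hfsplus_rename_cat() is reached for every record where src_fd.entrylength > sizeof(entry) or src_fd.entrylength < 0, so an accidentally corrupted catalog record is reported under the CVE name exactly like a crafted one. Consider wording the report as a possible attempt rather than a confirmed one, and note in the changelog that plain on-disk corruption also takes this branch. The quoted hunk stops at the added line, so the rest of the branch is not visible here; the call should leave the existing error path of this check unchanged.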

Whooppee but if I drive the box totally out of memory with several of
these file systems I can cause all sorts of problems due to missing null
checks, and I can feed some others such as reiserfs (why do we still ship
that ?) corrupt disk images and patch the kernel that way.

So surely we ought to be fixing the actual bugs first ?

Alan