Your message dated Wed, 11 May 2005 18:39:52 +0900
with message-id <[EMAIL PROTECTED]>
and subject line kernel-source-2.4.27: strncpy does not 0-pad destination on
some archs
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 9 Nov 2004 20:59:09 +0000
>From [EMAIL PROTECTED] Tue Nov 09 12:59:09 2004
Return-path: <[EMAIL PROTECTED]>
Received: from mail-out.m-online.net [212.18.0.9]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CRd53-0003s1-00; Tue, 09 Nov 2004 12:59:09 -0800
Received: from svr14.m-online.net (mail.m-online.net [192.168.3.144])
by mail-out.m-online.net (Postfix) with ESMTP id 2E9DC2A19;
Tue, 9 Nov 2004 21:59:08 +0100 (CET)
Received: from k.local (ppp-82-135-5-239.mnet-online.de [82.135.5.239])
by mail.m-online.net (Postfix) with ESMTP id 8EED11492A9;
Tue, 9 Nov 2004 21:55:15 +0100 (CET)
Received: from stf by k.local with local (Exim 4.34)
id 1CRd1G-0008Cg-7G; Tue, 09 Nov 2004 21:55:14 +0100
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Stefan Fritsch <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: kernel-source-2.4.27: strncpy does not 0-pad destination on some archs
X-Mailer: reportbug 3.1
Date: Tue, 09 Nov 2004 21:55:14 +0100
Message-Id: <[EMAIL PROTECTED]>
Sender: Stefan Fritsch <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level:
Package: kernel-source-2.4.27
Version: 2.4.27-5
Severity: normal
Tags: security
This doesn't seem to be fixed in the debian 2.4.x kernels:
CAN-2003-0465:
The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad the
buffer on architectures other than x86, as opposed to the expected
behavior of strncpy as implemented in libc, which could lead to
information leaks.
The generic .c version of strncpy is fixed in 2.6.x but not in 2.4.x .
The x86 and ppc32 specific asm versions are fixed, but alpha, s390x, ppc64,
m68k, mips, and s390 seem to be unfixed. (However, I don't really understand
these assembler versions. Maybe someone who does could also check the 2.6 asm
versions).
---------------------------------------
Received: (at 280492-done) by bugs.debian.org; 11 May 2005 09:52:53 +0000
>From [EMAIL PROTECTED] Wed May 11 02:52:53 2005
Return-path: <[EMAIL PROTECTED]>
Received: from koto.vergenet.net [210.128.90.7]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DVntd-0000Kz-00; Wed, 11 May 2005 02:52:53 -0700
Received: by koto.vergenet.net (Postfix, from userid 7100)
id 34FC134031; Wed, 11 May 2005 18:26:30 +0900 (JST)
Date: Wed, 11 May 2005 18:39:52 +0900
From: Horms <[EMAIL PROTECTED]>
To: Moritz Muehlenhoff <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED], Stefan Fritsch <[EMAIL PROTECTED]>
Subject: Re: kernel-source-2.4.27: strncpy does not 0-pad destination on some
archs
Message-ID: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <[EMAIL PROTECTED]>
X-Cluestick: seven
User-Agent: Mutt/1.5.6+20040907i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no
version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
I just revisited this problem and I see that for 2.4.27, 2.6.8 and
2.6.11 arch/alpha/lib/strncpy.S starts with this comment.
/*
* arch/alpha/lib/strncpy.S
* Contributed by Richard Henderson ([EMAIL PROTECTED])
*
* Copy no more than COUNT bytes of the null-terminated string from
* SRC to DST. If SRC does not cover all of COUNT, the balance is
* zeroed.
*
* Or, rather, if the kernel cared about that weird ANSI quirk. This
* version has cropped that bit o' nastiness as well as assuming that
* __stxncpy is in range of a branch.
*/
Which seems to mean that this bug doesn't apply to alpha,
or was fixed a long time ago. I am closing this bug accordingly.
--
Horms
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
