On 4/26/16, Kristof Provost <k...@freebsd.org> wrote:
>
>> On 26 Apr 2016, at 23:37, Shawn Webb <shawn.w...@hardenedbsd.org> wrote:
>>
>> On Tue, Apr 26, 2016 at 11:05:38PM +0200, Kristof Provost wrote:
>>>
>>>> On 26 Apr 2016, at 23:01, Shawn Webb <shawn.w...@hardenedbsd.org> wrote:
>>>>
>>>> On Tue, Apr 26, 2016 at 08:36:32PM +0000, Kristof Provost wrote:
>>>>> Author: kp
>>>>> Date: Tue Apr 26 20:36:32 2016
>>>>> New Revision: 298664
>>>>> URL: https://svnweb.freebsd.org/changeset/base/298664
>>>>>
>>>>> Log:
>>>>>   msdosfs: Prevent buffer overflow when expanding win95 names
>>>>>
>>>>>   In win2unixfn() we expand Windows 95 style long names. In some cases that
>>>>>   requires moving the data in the nbp->nb_buf buffer backwards to make room. That
>>>>>   code failed to check for overflows, leading to a stack overflow in
>>>>>   win2unixfn().
>>>>>
>>>>>   We now check for this event, and mark the entire conversion as failed in that
>>>>>   case. This means we present the 8 character, dos style, name instead.
>>>>>
>>>>>   PR: 204643
>>>>>   Differential Revision: https://reviews.freebsd.org/D6015
>>>>
>>>> Will this be MFC'd? Since it's triggerable as non-root, should this have
>>>> a CVE? Though the commit log shows technical comments, it doesn't show
>>>> related security information.
>>>
>>> Yes, I’ll put MFCing this on my todo list.
>>
>> When do you plan to MFC?
>
> I’d originally planned to do so around Monday, but I can try to do it
> earlier.
> Iirc. the usual minimal period is 3 days, so that’d be Friday evening (for
> me).
>
> I’m travelling Friday/Saturday/Sunday, so it’s hard to give solid promises.
>
> (Unless secteam judges this to be more urgent of course, in which case I’d
> be happy to do it earlier.)

Cool! Thank you Kristof. We test them now in HardenedBSD with more updates
from 11-CURRENT.
https://github.com/HardenedBSD/hardenedBSD/commits/hardened/10-stable/master

>
> Regards,
> Kristof
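
The check the commit log describes, sketched as an added example (not part of the thread and not the FreeBSD code): existing bytes in a fixed-size name buffer are moved to make room for each chunk, the move is refused when it would not fit, and the caller then falls back to the short name. struct namebuf, namebuf_prepend(), expand_name(), NAMEBUF_MAX, the chunk order and the sample names are all hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAMEBUF_MAX 32          /* constructed size, not the msdosfs value */

struct namebuf {                /* hypothetical stand-in for the name buffer */
    char   buf[NAMEBUF_MAX + 1];
    size_t len;                 /* bytes used, excluding the NUL */
};

/* Put chunk in front of what is already stored, moving the existing
 * bytes to make room. Returns 0 on success, -1 if it would not fit. */
static int namebuf_prepend(struct namebuf *nb, const char *chunk)
{
    size_t clen = strlen(chunk);

    /* Bounds check before any byte moves. The subtraction form cannot
     * wrap because len <= NAMEBUF_MAX always holds. */
    if (clen > NAMEBUF_MAX - nb->len)
        return -1;
    memmove(nb->buf + clen, nb->buf, nb->len + 1);   /* +1 carries the NUL */
    memcpy(nb->buf, chunk, clen);
    nb->len += clen;
    return 0;
}

/* Assemble a long name from chunks (assumed to arrive last part first).
 * One failed chunk fails the whole conversion: return the short name. */
static const char *expand_name(struct namebuf *nb, const char *const *chunks,
                               size_t n, const char *short_name)
{
    nb->len = 0;
    nb->buf[0] = '\0';
    for (size_t i = 0; i < n; i++)
        if (namebuf_prepend(nb, chunks[i]) != 0)
            return short_name;
    return nb->buf;
}

int main(void)
{
    struct namebuf nb;
    const char *fits[] = { "name.txt", "long file " };   /* constructed input */
    const char *over[] = { "AAAAAAAAAAAAA", "BBBBBBBBBBBBB", "CCCCCCCCCCCCC" };

    puts(expand_name(&nb, fits, 2, "LONGFI~1.TXT"));
    puts(expand_name(&nb, over, 3, "LONGFI~1.TXT"));
    return 0;
}
```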