svn commit: r298664 - head/sys/fs/msdosfs
Shawn Webb
shawn.webb at hardenedbsd.org
Tue Apr 26 21:01:45 UTC 2016
On Tue, Apr 26, 2016 at 08:36:32PM +0000, Kristof Provost wrote:
> Author: kp
> Date: Tue Apr 26 20:36:32 2016
> New Revision: 298664
> URL: https://svnweb.freebsd.org/changeset/base/298664
>
> Log:
> msdosfs: Prevent buffer overflow when expanding win95 names
>
> In win2unixfn() we expand Windows 95 style long names. In some cases that
> requires moving the data in the nbp->nb_buf buffer backwards to make room. That
> code failed to check for overflows, leading to a stack overflow in win2unixfn().
>
> We now check for this event, and mark the entire conversion as failed in that
> case. This means we present the 8 character, dos style, name instead.
>
> PR: 204643
> Differential Revision: https://reviews.freebsd.org/D6015
Will this be MFC'd? Since it's triggerable as non-root, should this have
a CVE? Though the commit log shows technical comments, it doesn't show
related security information.
Thanks,
--
Shawn Webb
HardenedBSD
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/svn-src-head/attachments/20160426/419d5b16/attachment.sig>
More information about the svn-src-head
mailing list