svn commit: r298664 - head/sys/fs/msdosfs
Kristof Provost
kp at FreeBSD.org
Tue Apr 26 21:42:32 UTC 2016
> On 26 Apr 2016, at 23:37, Shawn Webb <shawn.webb at hardenedbsd.org> wrote:
>
> On Tue, Apr 26, 2016 at 11:05:38PM +0200, Kristof Provost wrote:
>>
>>> On 26 Apr 2016, at 23:01, Shawn Webb <shawn.webb at hardenedbsd.org> wrote:
>>>
>>> On Tue, Apr 26, 2016 at 08:36:32PM +0000, Kristof Provost wrote:
>>>> Author: kp
>>>> Date: Tue Apr 26 20:36:32 2016
>>>> New Revision: 298664
>>>> URL: https://svnweb.freebsd.org/changeset/base/298664
>>>>
>>>> Log:
>>>> msdosfs: Prevent buffer overflow when expanding win95 names
>>>>
>>>> In win2unixfn() we expand Windows 95 style long names. In some cases that
>>>> requires moving the data in the nbp->nb_buf buffer backwards to make room. That
>>>> code failed to check for overflows, leading to a stack overflow in win2unixfn().
>>>>
>>>> We now check for this event, and mark the entire conversion as failed in that
>>>> case. This means we present the 8 character, dos style, name instead.
>>>>
>>>> PR: 204643
>>>> Differential Revision: https://reviews.freebsd.org/D6015
>>>
>>> Will this be MFC'd? Since it's triggerable as non-root, should this have
>>> a CVE? Though the commit log shows technical comments, it doesn't show
>>> related security information.
>>
>> Yes, I'll put MFCing this on my todo list.
>
> When do you plan to MFC?
I’d originally planned to do so around Monday, but I can try to do it earlier.
IIRC, the usual minimal period is 3 days, so that’d be Friday evening (for me).
I’m travelling Friday/Saturday/Sunday, so it’s hard to give solid promises.
(Unless secteam judges this to be more urgent of course, in which case I’d be happy to do it earlier.)
Regards,
Kristof
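
An added example, not taken from the commit or the FreeBSD source, of the kind of check the commit log describes: before existing data is moved backwards in a fixed buffer to make room for another chunk, the remaining space is checked, and a chunk that does not fit marks the whole conversion as failed so the short DOS-style name is used. `struct name_buf`, `nb_prepend`, `build_name`, `NB_CAP` and the sample names are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#define NB_CAP 16              /* constructed: small capacity for the demo */

struct name_buf {              /* hypothetical stand-in, not the kernel struct */
    char   buf[NB_CAP];
    size_t len;                /* bytes in use */
    int    failed;             /* set once a chunk would not fit */
};

/* Insert chunk in front of the data already held; -1 if it would overflow. */
static int nb_prepend(struct name_buf *nb, const char *chunk, size_t n)
{
    if (nb->failed)
        return -1;
    /* Subtraction form: len <= NB_CAP always holds, so this cannot wrap. */
    if (n > sizeof(nb->buf) - nb->len) {
        nb->failed = 1;        /* poison the whole conversion */
        return -1;
    }
    memmove(nb->buf + n, nb->buf, nb->len);   /* shift existing data back */
    memcpy(nb->buf, chunk, n);
    nb->len += n;
    return 0;
}

/* Returns 1 if the long name was built, 0 if the short name was used. */
static int build_name(const char *const *chunks, size_t nchunks,
                      const char *short_name, char *out, size_t outsz)
{
    struct name_buf nb = { .len = 0, .failed = 0 };
    for (size_t i = 0; i < nchunks; i++)
        nb_prepend(&nb, chunks[i], strlen(chunks[i]));
    if (nb.failed || nb.len >= outsz) {
        snprintf(out, outsz, "%s", short_name);
        return 0;
    }
    memcpy(out, nb.buf, nb.len);
    out[nb.len] = '\0';
    return 1;
}

int main(void)
{
    const char *big[] = { "name.txt", "a_very_long_" };  /* constructed input */
    char out[32];
    int used_long = build_name(big, 2, "AVERYL~1.TXT", out, sizeof out);
    printf("%s (long name used: %d)\n", out, used_long);
    return 0;
}
```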