On Sat, 2007-02-17 at 14:49 -0800, Andrew Morton wrote:
> On Sat, 17 Feb 2007 13:03:02 -0800 [EMAIL PROTECTED] wrote:
>
> > http://bugzilla.kernel.org/show_bug.cgi?id=8028
> >
> >            Summary: capi_{cmsg,message}2str not thread-safe; vulnerable to
> >                     buffer overflow
> >     Kernel Version: 2.6.20
> >             Status: NEW
> >           Severity: high
> >              Owner: [EMAIL PROTECTED]
> >          Submitter: [EMAIL PROTECTED]
> >
> >
> > See http://bugs.debian.org/408530 for an example of Asterisk crashing when
> > calling these debugging extensions to CAPI.
> >
> > The same functions and implementations are present in the kernel and are
> > used in several logging calls. I don't see any sign of locking or other
> > measures that would make this thread-safe. The Debian bug report suggests
> > that some messages can overflow the 8 KB buffer. I don't know enough about
> > the protocol to tell whether this is a result of two threads trying to
> > convert a message at the same time or whether it can result from a single
> > long message.
> >
>
> Ben, is someone at Debian planning on doing the kernel fix?
So far as I know, no-one on the kernel team was aware of the issue until
today, so no-one has begun attempting to fix it.

Ben.

--
Ben Hutchings
It is easier to change the specification to fit the program than vice versa.
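Added illustration of the two defects the bug report describes (a static buffer shared by all callers and unbounded formatting into it) beside a re-entrant, bounded alternative. This is example code written for this page, not the kernel's or Asterisk's CAPI code; the message layout (a command byte plus 16-bit parameters), the function names and the 8192-byte buffer are constructed stand-ins.

```c
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a CAPI message: a command byte and n 16-bit
 * parameters. The real CAPI layout is not reproduced here. */
struct msg { uint8_t cmd; size_t nparams; const uint16_t *params; };

/* Shape of the reported defect (hypothetical code): one static buffer shared
 * by every caller, so two threads converting at once overwrite each other's
 * output, and sprintf() with no bound, so a long message runs past 8 KB. */
#define MSGBUF_SIZE 8192
static char shared_buf[MSGBUF_SIZE];
char *msg2str_unsafe(const struct msg *m)
{
    char *p = shared_buf;
    p += sprintf(p, "cmd=0x%02x", m->cmd);
    for (size_t i = 0; i < m->nparams; i++)
        p += sprintf(p, " p%zu=0x%04x", i, (unsigned)m->params[i]);
    return shared_buf;
}

/* Bounded append: writes into buf[len..size) when there is room, otherwise
 * only measures. Returns the length the full string would have. */
static size_t append(char *buf, size_t size, size_t len, const char *fmt, ...)
{
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = len < size ? vsnprintf(buf + len, size - len, fmt, ap)
                   : vsnprintf(NULL, 0, fmt, ap);
    va_end(ap);
    return n < 0 ? len : len + (size_t)n;
}

/* Re-entrant form: the caller owns the buffer, so concurrent conversions
 * cannot collide, and every append is checked against the remaining space.
 * A return value >= size means the output was truncated, which the caller
 * can report instead of silently overflowing. */
size_t msg2str(const struct msg *m, char *buf, size_t size)
{
    size_t len = 0;
    if (size) buf[0] = '\0';
    len = append(buf, size, len, "cmd=0x%02x", m->cmd);
    for (size_t i = 0; i < m->nparams; i++)
        len = append(buf, size, len, " p%zu=0x%04x", i, (unsigned)m->params[i]);
    return len;
}
```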