Re: security: potential out-of-bound read at ewah_io.c |ewah_read_mmap|

On Tue, Jun 19, 2018 at 07:00:48PM +, Dyer, Edwin wrote: > Just curious if there was any additional comment on this potential > OOB? I may have missed it and if so, apologies for the ask. The fix is in master, and should be part of the upcoming v2.18. See commit 9d2e330b17 (ewah_read_mmap:

RE: security: potential out-of-bound read at ewah_io.c |ewah_read_mmap|

, June 14, 2018 7:00 PM To: git@vger.kernel.org Subject: security: potential out-of-bound read at ewah_io.c |ewah_read_mmap| Hi folks, Recently, I’ve found a security issue related to out-of-bound read at function named `ewah_read_mmap` Assume that, an attacker can put malicious `./git/index

Re: security: potential out-of-bound read at ewah_io.c |ewah_read_mmap|

Jeff King writes: > On Fri, Jun 15, 2018 at 06:59:43AM +0800, Luat Nguyen wrote: > >> Recently, I’ve found a security issue related to out-of-bound read at >> function named `ewah_read_mmap` > > Thanks, this is definitely a bug worth addressing. But note... > >> Assume that, an attacker can put

Re: security: potential out-of-bound read at ewah_io.c |ewah_read_mmap|

On Fri, Jun 15, 2018 at 06:59:43AM +0800, Luat Nguyen wrote: > Recently, I’ve found a security issue related to out-of-bound read at > function named `ewah_read_mmap` Thanks, this is definitely a bug worth addressing. But note... > Assume that, an attacker can put malicious `./git/index` into

security: potential out-of-bound read at ewah_io.c |ewah_read_mmap|

Hi folks, Recently, I’ve found a security issue related to out-of-bound read at function named `ewah_read_mmap` Assume that, an attacker can put malicious `./git/index` into a repo by somehow. Since there is lack of check whether the remaining size of `ptr`is equal to `buffer_size` or not.