On Mon, Dec 4, 2017 at 10:10 PM, Paul Moore wrote:
>> Hi Paul,
>>
>> We are just rolling in the process. Feedback is much appreciated!
>>
>> The idea is that we need to know the title as it will appear in Linus
>> tree and in other tested trees. It's also possible to override the
>> title later, i
On Tue, Dec 5, 2017 at 11:00 AM, Dmitry Vyukov wrote:
>>> > > > > > ===
>>> > > > > > ===
>>> > > > > > BUG: KASAN: slab-out-of-bounds in strcmp+0x96/0xb0
>>> > > > > > lib/string.c:328
>>> > > > > > Read of size 1 at addr 8801cd99d2c
On Mon, Dec 4, 2017 at 6:33 PM, Stephen Smalley wrote:
> On Mon, 2017-12-04 at 17:39 +0100, Dmitry Vyukov wrote:
>> On Mon, Dec 4, 2017 at 2:59 PM, Paul Moore wrote:
>> > > > > On 2017/12/02 3:52, syzbot wrote:
>> > > > > > ===
>> > > > > >
On Mon, Dec 4, 2017 at 11:29 AM, Dmitry Vyukov wrote:
> On Mon, Dec 4, 2017 at 2:59 PM, Paul Moore wrote:
> Hi Paul,
>
> We are just rolling in the process. Feedback is much appreciated!
>
> The idea is that we need to know the title as it will appear in Linus
> tree and in other tested trees. It
On Mon, 2017-12-04 at 17:39 +0100, Dmitry Vyukov wrote:
> On Mon, Dec 4, 2017 at 2:59 PM, Paul Moore wrote:
> > > > > On 2017/12/02 3:52, syzbot wrote:
> > > > > > ===
> > > > > > ===
> > > > > > BUG: KASAN: slab-out-of-bounds in strcmp+0
On Mon, Dec 4, 2017 at 2:59 PM, Paul Moore wrote:
On 2017/12/02 3:52, syzbot wrote:
> ==
> BUG: KASAN: slab-out-of-bounds in strcmp+0x96/0xb0 lib/string.c:328
> Read of size 1 at addr 8801cd99d2c1 by task
On Mon, Dec 4, 2017 at 2:59 PM, Paul Moore wrote:
> ==
> BUG: KASAN: slab-out-of-bounds in strcmp+0x96/0xb0 lib/string.c:328
> Read of size 1 at addr 8801cd99d2c1 by task
> syzkaller242593/3087
>
> CP
Stephen Smalley wrote:
> > Thus, I guess the simplest fix is to use strncmp() instead of
> > strcmp().
>
> Already fixed by
> https://www.spinics.net/lists/selinux/msg23589.html
>
OK, I thought everyone was too busy.
I would appreciate if you responded to all.
On Mon, Dec 4, 2017 at 8:47 AM, Dmitry Vyukov wrote:
> On Mon, Dec 4, 2017 at 2:43 PM, Stephen Smalley wrote:
>> On Sun, 2017-12-03 at 20:33 +0900, Tetsuo Handa wrote:
>>> On 2017/12/02 3:52, syzbot wrote:
>>> > ==
>>> > BUG: KASAN:
On Sun, 2017-12-03 at 20:33 +0900, Tetsuo Handa wrote:
> On 2017/12/02 3:52, syzbot wrote:
> > ==
> > BUG: KASAN: slab-out-of-bounds in strcmp+0x96/0xb0 lib/string.c:328
> > Read of size 1 at addr 8801cd99d2c1 by task
> > syzkaller
On Mon, Dec 4, 2017 at 2:43 PM, Stephen Smalley wrote:
> On Sun, 2017-12-03 at 20:33 +0900, Tetsuo Handa wrote:
>> On 2017/12/02 3:52, syzbot wrote:
>> > ==
>> > BUG: KASAN: slab-out-of-bounds in strcmp+0x96/0xb0 lib/string.c:328
>> >
Tetsuo Handa wrote:
> James Morris wrote:
> > On Sun, 3 Dec 2017, Tetsuo Handa wrote:
> >
> > > Tetsuo Handa wrote:
> > > > which will allow strcmp() to trigger out of bound read when "size" is
> > > > larger than strlen(initial_sid_to_string[i]).
> > >
> > > Oops. "smaller" than.
> > >
> > > >
James Morris wrote:
> On Sun, 3 Dec 2017, Tetsuo Handa wrote:
>
> > Tetsuo Handa wrote:
> > > which will allow strcmp() to trigger out of bound read when "size" is
> > > larger than strlen(initial_sid_to_string[i]).
> >
> > Oops. "smaller" than.
> >
> > >
> > > Thus, I guess the simplest fix is
On Sun, Dec 3, 2017 at 2:27 PM, Tetsuo Handa wrote:
> Tetsuo Handa wrote:
>> which will allow strcmp() to trigger out of bound read when "size" is
>> larger than strlen(initial_sid_to_string[i]).
>
> Oops. "smaller" than.
>
>>
>> Thus, I guess the simplest fix is to use strncmp() instead of strcmp
On Sun, 3 Dec 2017, Tetsuo Handa wrote:
> Tetsuo Handa wrote:
> > which will allow strcmp() to trigger out of bound read when "size" is
> > larger than strlen(initial_sid_to_string[i]).
>
> Oops. "smaller" than.
>
> >
> > Thus, I guess the simplest fix is to use strncmp() instead of strcmp().
>
Tetsuo Handa wrote:
> which will allow strcmp() to trigger out of bound read when "size" is
> larger than strlen(initial_sid_to_string[i]).
Oops. "smaller" than.
>
> Thus, I guess the simplest fix is to use strncmp() instead of strcmp().
Can somebody test below patch? (My CentOS 7 environment d
On 2017/12/02 3:52, syzbot wrote:
> ==
> BUG: KASAN: slab-out-of-bounds in strcmp+0x96/0xb0 lib/string.c:328
> Read of size 1 at addr 8801cd99d2c1 by task syzkaller242593/3087
>
> CPU: 0 PID: 3087 Comm: syzkaller242593 Not tainted
18 matches