> On 26 Apr 2016, at 23:37, Shawn Webb <shawn.w...@hardenedbsd.org> wrote:
>
> On Tue, Apr 26, 2016 at 11:05:38PM +0200, Kristof Provost wrote:
>>
>>> On 26 Apr 2016, at 23:01, Shawn Webb <shawn.w...@hardenedbsd.org> wrote:
>>>
>>> On Tue, Apr 26, 2016 at 08:36:32PM +0000, Kristof Provost wrote:
>>>> Author: kp
>>>> Date: Tue Apr 26 20:36:32 2016
>>>> New Revision: 298664
>>>> URL: https://svnweb.freebsd.org/changeset/base/298664
>>>>
>>>> Log:
>>>>   msdosfs: Prevent buffer overflow when expanding win95 names
>>>>
>>>>   In win2unixfn() we expand Windows 95 style long names. In some cases that
>>>>   requires moving the data in the nbp->nb_buf buffer backwards to make room.
>>>>   That code failed to check for overflows, leading to a stack overflow in
>>>>   win2unixfn().
>>>>
>>>>   We now check for this event, and mark the entire conversion as failed in
>>>>   that case. This means we present the 8 character, dos style, name instead.
>>>>
>>>>   PR: 204643
>>>>   Differential Revision: https://reviews.freebsd.org/D6015
>>>
>>> Will this be MFC'd? Since it's triggerable as non-root, should this have
>>> a CVE? Though the commit log shows technical comments, it doesn't show
>>> related security information.
>>
>> Yes, I'll put MFCing this on my todo list.
>
> When do you plan to MFC?

I’d originally planned to do so around Monday, but I can try to do it earlier.
IIRC, the usual minimal period is 3 days, so that’d be Friday evening (for me).
I’m travelling Friday/Saturday/Sunday, so it’s hard to give solid promises.

(Unless secteam judges this to be more urgent of course, in which case I’d be
happy to do it earlier.)

Regards,
Kristof
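
The overflow class described in the quoted commit log, as an added example that is not part of this thread and is not FreeBSD's msdosfs code: a stand-alone model of inserting name chunks at the front of a fixed buffer, with the bounds check and the short-name fallback the log describes. `struct namebuf`, `namebuf_prepend`, `expand_name` and `NAME_MAX_LEN` are hypothetical names, and the last-first chunk order is an assumption of the example.

```c
#include <stddef.h>
#include <string.h>

#define NAME_MAX_LEN 16            /* hypothetical capacity, small for the demo */

struct namebuf {                   /* hypothetical stand-in for the name buffer */
    char   buf[NAME_MAX_LEN + 1];  /* +1 for the terminating NUL */
    size_t len;                    /* invariant: len <= NAME_MAX_LEN */
};

/* Insert chunk in front of the data already in nb, shifting that data
 * toward the end of the buffer. Returns 0 on success, -1 if the result
 * would not fit; on failure nb is left untouched. */
static int namebuf_prepend(struct namebuf *nb, const char *chunk, size_t n)
{
    /* Written as a subtraction so the check itself cannot wrap around. */
    if (n > NAME_MAX_LEN - nb->len)
        return -1;
    memmove(nb->buf + n, nb->buf, nb->len);   /* regions overlap: memmove */
    memcpy(nb->buf, chunk, n);
    nb->len += n;
    nb->buf[nb->len] = '\0';
    return 0;
}

/* Build the long name from chunks supplied last-first (assumed order).
 * If any chunk does not fit, the whole conversion is marked failed and
 * the short name is used instead. Returns 1 if the long name was used,
 * 0 if the fallback was taken. out must hold NAME_MAX_LEN + 1 bytes. */
static int expand_name(const char *const *chunks, size_t nchunks,
                       const char *short_name, char *out)
{
    struct namebuf nb = { .len = 0 };

    nb.buf[0] = '\0';
    for (size_t i = 0; i < nchunks; i++) {
        if (namebuf_prepend(&nb, chunks[i], strlen(chunks[i])) != 0) {
            /* Truncating copy, so even an oversized short name is safe. */
            strncpy(out, short_name, NAME_MAX_LEN);
            out[NAME_MAX_LEN] = '\0';
            return 0;
        }
    }
    memcpy(out, nb.buf, nb.len + 1);          /* include the NUL */
    return 1;
}
```

Without the check in `namebuf_prepend`, the `memmove` would write past `buf` and into whatever follows `nb` on the caller's stack.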