login
Login
/
Register
Search
Forums
News
Blogs
Features
Site
Home
»
Mailing list archives
»
linux-kernel
»
2007
»
May
»
28
Re: [PATCH -mm] reiser4: remove lzo compression security hole
view
thread
!MAILaRCHIVE_VOTE_RePLACE
Previous message: [
thread
] [
date
] [
author
]
Next message: [thread] [
date
] [
author
]
[view in full thread]
From:
Edward Shishkin <edward@...>
To: Richard Purdie <rpurdie@...>
Cc: akpm <akpm@...>, LKML <linux-kernel@...>, <vs@...>
Subject:
Re: [PATCH -mm] reiser4: remove lzo compression security hole
Date: Monday, May 28, 2007 - 5:00 pm
Richard Purdie wrote:
quoted text
>Switch reiser4 to use lzo1x_decompress_safe instead of lzo1x_decompress >as otherwise it presents a security hole (lzo1x_decompress doesn't >perform bounds checking on the decompressed data). > >Signed-off-by: Richard Purdie <rpurdie@rpsys.net> > >--- > fs/reiser4/plugin/compress/compress.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >Index: linux-2.6.21/fs/reiser4/plugin/compress/compress.c >=================================================================== >--- linux-2.6.21.orig/fs/reiser4/plugin/compress/compress.c 2007-05-16 20:47:45.000000000 +0100 >+++ linux-2.6.21/fs/reiser4/plugin/compress/compress.c 2007-05-24 23:43:28.000000000 +0100 >@@ -319,7 +319,7 @@ lzo1_decompress(coa_t coa, __u8 * src_fi > assert("edward-851", coa == NULL); > assert("edward-852", src_len != 0); > >- result = lzo1x_decompress(src_first, src_len, dst_first, &dstlen, NULL); >+ result = lzo1x_decompress_safe(src_first, src_len, dst_first, &dstlen, NULL); > if (result != LZO_E_OK) > warning("edward-853", "lzo1x_1_decompress failed\n"); > *dst_len = dstlen; > > >
Signed-off-by: Edward Shishkin <edward@namesys.com> -
unsubscribe notice
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to
majordomo@vger.kernel.org
More majordomo info at
http://vger.kernel.org/majordomo-info.html
Please read the FAQ at
http://www.tux.org/lkml/
Previous message: [
thread
] [
date
] [
author
]
Next message: [thread] [
date
] [
author
]
Messages in current thread:
[PATCH -mm] reiser4: remove lzo compression security hole
, Richard Purdie
, (Thu May 24, 6:54 pm)
Re: [PATCH -mm] reiser4: remove lzo compression security hole
, Edward Shishkin
, (Mon May 28, 5:00 pm)
Navigation
Create content
Mailing list archives
Recent posts
Popular discussions
linux-kernel
:
Michal Piotrowski
Re: [BUG] fs/xfs/xfs_bmap_btree.c:2312: error: 'b' undeclared (first use in this f...
debian developer
Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Greg KH
[GIT PATCH] driver core patches against 2.6.24
Paul Jackson
[PATCH 0/5 v2] x86 boot: various E820 & EFI related fixes - what changed in v2
git
:
openbsd-misc
:
linux-netdev
:
Paweł Staszewski
Re: rib_trie / Fix inflate_threshold_root. Now=15 size=11 bits
David Miller
Re: [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Gerrit Renker
[PATCH 27/37] dccp: Integration of dynamic feature activation - part 2 (server side)
Jarek Poplawski
Re: Data corruption issue with splice() on 2.6.27.10
Colocation donated by:
Who's online
There are currently
2 users
and
839 guests
online.
Online users
zeekec
sandrasands
Syndicate
