From: Wei Gao via ltp <ltp@lists.linux.it>
To: Martin Doucha <mdoucha@suse.cz>
Cc: Richard Palethorpe <rpalethorpe@suse.com>, ltp@lists.linux.it
Subject: Re: [LTP] [PATCH v6] fsconfig03: New test CVE-2022-0185
Date: Wed, 1 Mar 2023 09:12:22 -0500
Message-ID: <20230301141222.GA10677@localhost>
In-Reply-To: <12a64a2b-a739-a9fb-c584-f0967fc126de@suse.cz>
On Wed, Mar 01, 2023 at 02:46:16PM +0100, Martin Doucha wrote:
> Hi,
>
> On 28. 02. 23 4:27, Wei Gao via ltp wrote:
> > + for (size_t i = 0; i < 5000; i++) {
> > + /* use same logic in kernel legacy_parse_param function */
> > + const size_t len = i * (strlen(val) + 2) + (strlen(val) + 1) + 2;
> > +
> > + if (!strcmp(tst_device->fs_type, "btrfs") && len <= (size_t)pagesize)
> > + TST_EXP_PASS_SILENT(fsconfig(fd, FSCONFIG_SET_STRING, "\x00", val, 0));
> > + else
> > + TST_EXP_FAIL_SILENT(fsconfig(fd, FSCONFIG_SET_STRING, "\x00", val, 0),
> > + EINVAL);
> > + }
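Review bot: The `len` expression in the loop body is tied to legacy_parse_param() only by the one-line comment, so the `len <= (size_t)pagesize` boundary cannot be checked from the test alone; the comment should say what the `+ 2`, `+ 1` and `+ 2` terms stand for. `strlen(val)` is evaluated twice per iteration although `val` is not modified in the visible loop body, so it can be hoisted into a const before the `for`. The loop bound 5000 is a bare number and would read better derived from `pagesize` or given a name. The key argument `"\x00"` is an empty C string, and writing `""` would say the same thing more plainly.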
>
> This special case for Btrfs is wrong. Btrfs is just the last major
> filesystem which does not implement its own fsconfig() handlers in the
> latest kernel release. But on older kernels, the same applies to other
> filesystems as well.
>
For old kernels btrfs ONLY can update legacy_parse_param(), so the above logic will pass.
> Any other filesystem that still uses legacy_parse_param() and has the CVE
> fix applied will fail this test with exactly 117 error messages on x86.
> That's how many iterations it takes to fill 4KB buffer with the test string.
I expect most other scenarios will use the new parse_param function instead of legacy_parse_param.
The security fix should use the commit which changes the parse function instead of updating the old legacy_parse_param().
>
> --
> Martin Doucha mdoucha@suse.cz
> QA Engineer for Software Maintenance
> SUSE LINUX, s.r.o.
> CORSO IIa
> Krizikova 148/34
> 186 00 Prague 8
> Czech Republic
>
--
Mailing list info: https://lists.linux.it/listinfo/ltp