From: Nicolai Stange <nstange@suse.de>
To: ltp@lists.linux.it
Subject: [LTP] [PATCH 2/2] Add CVE-2017-18075, pcrypt mishandles freeing instances
Date: Wed, 14 Mar 2018 16:15:36 +0100 [thread overview]
Message-ID: <87bmfqofhj.fsf@suse.de> (raw)
In-Reply-To: <20180314145427.2738-2-rpalethorpe@suse.com> (Richard Palethorpe's message of "Wed, 14 Mar 2018 15:54:27 +0100")
Richard Palethorpe <rpalethorpe@suse.com> writes:
> Signed-off-by: Richard Palethorpe <rpalethorpe@suse.com>
> ---
>
> I can not find the original reproducer posted upstream. I assume it was
> created by syzkaller.
Yes: https://groups.google.com/forum/#!topic/syzkaller-bugs/NKn_ivoPOpk
However, this rewrite to crypto's netlink interface might be different
enough such that ...
> diff --git a/testcases/cve/cve-2017-18075.c b/testcases/cve/cve-2017-18075.c
> new file mode 100644
> index 000000000..3723b0655
> --- /dev/null
> +++ b/testcases/cve/cve-2017-18075.c
> @@ -0,0 +1,201 @@
> +/*
> + * Copyright (c) 2018 SUSE
> + * Author: Nicolai Stange <nstange@suse.de>
> + * LTP conversion: Richard Palethorpe <rpalethorpe@suse.com>
> + *
> + * Based on the reproducer posted upstream so other copyrights may
> + * apply.
... this isn't really needed, but I'm not a lawyer.
Thanks,
Nicolai
> + *
> + * This program is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU General Public License
> + * as published by the Free Software Foundation; either version 2
> + * of the License, or (at your option) any later version.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License
> + * along with this program; if not, see <http://www.gnu.org/licenses/>.
> + *
> + * Test for CVE-2017-5754 - pcrypt mishandles freeing instances
> + *
> + * See commit d76c68109f37 crypto: pcrypt - fix freeing pcrypt instances.
> + *
> + * If the bug is present this will most likely crash your kernel.
> + */
> +
--
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton,
HRB 21284 (AG Nürnberg)
next prev parent reply other threads:[~2018-03-14 15:15 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-14 14:54 [LTP] [PATCH 1/2] lib: Add safe_recvmsg Richard Palethorpe
2018-03-14 14:54 ` [LTP] [PATCH 2/2] Add CVE-2017-18075, pcrypt mishandles freeing instances Richard Palethorpe
2018-03-14 15:15 ` Nicolai Stange [this message]
2018-03-14 15:48 ` Richard Palethorpe
2018-03-14 22:58 ` Eric Biggers
2018-03-15 8:50 ` Richard Palethorpe
2018-03-15 11:44 ` Cyril Hrubis
2018-03-15 11:22 ` [LTP] [PATCH 1/2] lib: Add safe_recvmsg Petr Vorel
2018-03-15 11:52 ` Petr Vorel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87bmfqofhj.fsf@suse.de \
--to=nstange@suse.de \
--cc=ltp@lists.linux.it \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.