Re: Intentionally corrupted vfat fs causing BUG

[Sami Liedes <sami.liedes@iki.fi>]

[-- Attachment #1: Type: text/plain, Size: 1464 bytes --]

On Sun, Oct 12, 2014 at 09:04:19PM +0200, Richard Weinberger wrote:
> You misunderstood Sami's issue. He corrupted the vfat fs intentionally
> to find issues
> in the vfat driver.
> And as he reports he found an nasty issue.
> Any user can trigger a BUG_ON() using a crafted vfat image.
> Please note, if you mount exactly the same image using msdos fs the issue
> does not occur.

Yeah, you can think of it as either a security issue if you wish, or
just as a plain old robustness issue in the age of unreliable USB
sticks etc. in that it just would be more ideal to fail gracefully
instead of crashing.

Anyway, I'm not advocating for any measure of severity (I leave that
to others); I just find and report these in the hope that someone
finds the reports useful. I personally view these more as robustness
than security bugs at the moment, but certainly they can be seen as
either.

And if some of these get fixed, I will rerun the tests, so I might
produce a daunting stream of reports. I know it would be nicer to
report everything at once, but usually the issues found first are
prevalent enough to mask other issues.

By the way, I find it interesting that once I implemented a tool to
minimize the differences between a bad fs and a good fs, every bug I
have found in any filesystem implementation has minimized to a single
bit flip. That suggests to me that fuzz testing is probably not very
effective in finding bugs that require more than that.

	Sami

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]