From: dann frazier <dannf@dannf.org>
To: Eric Sandeen <sandeen@redhat.com>
Cc: Willy Tarreau <w@1wt.eu>, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] 2.4: fix memory corruption from misinterpreted bad_inode_ops return values
Date: Thu, 24 Jan 2008 15:39:04 -0700
Message-ID: <20080124223904.GA28495@colo.lackof.org>
In-Reply-To: <4798FDF2.3000605@redhat.com>

On Thu, Jan 24, 2008 at 03:06:58PM -0600, Eric Sandeen wrote:
> Willy Tarreau wrote:
> > Hi Dann,
> >
> > On Wed, Jan 23, 2008 at 11:12:12PM -0700, dann frazier wrote:
> >> This is a 2.4 backport of a linux-2.6 change by Eric Sandeen
> >> (commit be6aab0e9fa6d3c6d75aa1e38ac972d8b4ee82b8)
> >>
> >> CVE-2006-5753 was assigned for this issue.
> >>
> >> I've built and boot-tested this, but I'm not sure how to exercise
> >> these codepaths.
> >
> > I have no idea either. Let's consider that if nobody on the list knows
> > how to do so, I'll merge it since you did not notice any regression.
> >
> > Thanks,
> > Willy
> >
>
> Sorry... here you go. Forgot to post this sooner. I hit it with
> this on 2.6.x
>
> #include <stdio.h>
> #include <sys/types.h>
> #include <sys/errno.h>
>
> static int return_EIO(void)
> {
>     return -EIO;
> }
>
> int main(int argc, char ** argv)
> {
>     ssize_t error;
>     ssize_t realerror = -EIO;
>     ssize_t (*fn_ptr)(void);
>
>     fn_ptr = (void *)return_EIO;
>
>     error = (ssize_t)fn_ptr();
>     printf("and... error is %ld, should be %ld\n", error, realerror);
>     return 0;
> }

Thanks Eric. Sounds like my comment about exercising these code paths
wasn't too clear - the comments with your patch do make the issue
clear, and this program demonstrates the void cast promotion issue
well. I'm just not sure of a good way to demonstrate that my backport
of this patch doesn't break anything for 2.4.
--
dann frazier
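
Added example, not part of this thread or of the kernel patch: a user-space model of the mismatch Eric's program shows, written without the function-pointer cast so it gives the same result on every platform, and extended to show why the bogus value slips past a sign check and how a typed stub or a range check stops it. All names except return_EIO are hypothetical, and the zero-filled upper half is an assumption matching x86_64.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Shared stub as in the quoted program: the result is only 32 bits wide. */
static int return_EIO(void) { return -EIO; }

/* Model a caller that reads the 32-bit result as a 64-bit signed value with
 * the upper half zero instead of sign-extended (assumption: x86_64). */
static int64_t widen_unextended(int v) { return (int64_t)(uint32_t)v; }

/* Hypothetical typed stub: the return type matches what the caller expects. */
static int64_t typed_stub(void) { return -EIO; }

enum verdict { V_ERROR, V_ACCEPTED, V_OUT_OF_RANGE };

/* Hypothetical caller: ret is "bytes produced, or -errno"; sign check only. */
static enum verdict naive_caller(int64_t ret)
{
	return ret < 0 ? V_ERROR : V_ACCEPTED;
}

/* Same caller with a defensive bound against the buffer it handed out. */
static enum verdict checked_caller(int64_t ret, size_t buflen)
{
	if (ret < 0)
		return V_ERROR;
	if ((uint64_t)ret > buflen)
		return V_OUT_OF_RANGE;
	return V_ACCEPTED;
}

int main(void)
{
	static const char *name[] = { "error", "accepted as length", "out of range" };
	int64_t bad = widen_unextended(return_EIO());
	int64_t good = typed_stub();

	printf("shared int stub: ret=%lld naive=%s checked=%s\n", (long long)bad,
	       name[naive_caller(bad)], name[checked_caller(bad, 4096)]);
	printf("typed stub:      ret=%lld naive=%s checked=%s\n", (long long)good,
	       name[naive_caller(good)], name[checked_caller(good, 4096)]);
	return 0;
}
```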