* [PATCH -mm] reiser4: remove lzo compression security hole
@ 2007-05-24 22:54 Richard Purdie
2007-05-28 21:00 ` Edward Shishkin
0 siblings, 1 reply; 2+ messages in thread
From: Richard Purdie @ 2007-05-24 22:54 UTC (permalink / raw)
To: akpm; +Cc: LKML, edward, vs
Switch reiser4 to use lzo1x_decompress_safe instead of lzo1x_decompress
as otherwise it presents a security hole (lzo1x_decompress doesn't
perform bounds checking on the decompressed data).
Signed-off-by: Richard Purdie <rpurdie@rpsys.net>
---
fs/reiser4/plugin/compress/compress.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: linux-2.6.21/fs/reiser4/plugin/compress/compress.c
===================================================================
--- linux-2.6.21.orig/fs/reiser4/plugin/compress/compress.c 2007-05-16 20:47:45.000000000 +0100
+++ linux-2.6.21/fs/reiser4/plugin/compress/compress.c 2007-05-24 23:43:28.000000000 +0100
@@ -319,7 +319,7 @@ lzo1_decompress(coa_t coa, __u8 * src_fi
assert("edward-851", coa == NULL);
assert("edward-852", src_len != 0);
- result = lzo1x_decompress(src_first, src_len, dst_first, &dstlen, NULL);
+ result = lzo1x_decompress_safe(src_first, src_len, dst_first, &dstlen, NULL);
if (result != LZO_E_OK)
warning("edward-853", "lzo1x_1_decompress failed\n");
*dst_len = dstlen;
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [PATCH -mm] reiser4: remove lzo compression security hole
2007-05-24 22:54 [PATCH -mm] reiser4: remove lzo compression security hole Richard Purdie
@ 2007-05-28 21:00 ` Edward Shishkin
0 siblings, 0 replies; 2+ messages in thread
From: Edward Shishkin @ 2007-05-28 21:00 UTC (permalink / raw)
To: Richard Purdie; +Cc: akpm, LKML, vs
Richard Purdie wrote:
>Switch reiser4 to use lzo1x_decompress_safe instead of lzo1x_decompress
>as otherwise it presents a security hole (lzo1x_decompress doesn't
>perform bounds checking on the decompressed data).
>
>Signed-off-by: Richard Purdie <rpurdie@rpsys.net>
>
>---
> fs/reiser4/plugin/compress/compress.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>Index: linux-2.6.21/fs/reiser4/plugin/compress/compress.c
>===================================================================
>--- linux-2.6.21.orig/fs/reiser4/plugin/compress/compress.c 2007-05-16 20:47:45.000000000 +0100
>+++ linux-2.6.21/fs/reiser4/plugin/compress/compress.c 2007-05-24 23:43:28.000000000 +0100
>@@ -319,7 +319,7 @@ lzo1_decompress(coa_t coa, __u8 * src_fi
> assert("edward-851", coa == NULL);
> assert("edward-852", src_len != 0);
>
>- result = lzo1x_decompress(src_first, src_len, dst_first, &dstlen, NULL);
>+ result = lzo1x_decompress_safe(src_first, src_len, dst_first, &dstlen, NULL);
> if (result != LZO_E_OK)
> warning("edward-853", "lzo1x_1_decompress failed\n");
> *dst_len = dstlen;
>
>
>
Signed-off-by: Edward Shishkin <edward@namesys.com>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2007-05-28 21:00 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-05-24 22:54 [PATCH -mm] reiser4: remove lzo compression security hole Richard Purdie
2007-05-28 21:00 ` Edward Shishkin
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox