From: Nicolai Stange <nstange@suse.de>
To: ltp@lists.linux.it
Subject: [LTP] [PATCH 2/2] Add CVE-2017-18075, pcrypt mishandles freeing instances
Date: Wed, 14 Mar 2018 16:15:36 +0100 [thread overview]
Message-ID: <87bmfqofhj.fsf@suse.de> (raw)
In-Reply-To: <20180314145427.2738-2-rpalethorpe@suse.com> (Richard Palethorpe's message of "Wed, 14 Mar 2018 15:54:27 +0100")
Richard Palethorpe <rpalethorpe@suse.com> writes:
> Signed-off-by: Richard Palethorpe <rpalethorpe@suse.com>
> ---
>
> I can not find the original reproducer posted upstream. I assume it was
> created by syzkaller.
Yes: https://groups.google.com/forum/#!topic/syzkaller-bugs/NKn_ivoPOpk
However, this rewrite to crypto's netlink interface might be different
enough such that ...
> diff --git a/testcases/cve/cve-2017-18075.c b/testcases/cve/cve-2017-18075.c
> new file mode 100644
> index 000000000..3723b0655
> --- /dev/null
> +++ b/testcases/cve/cve-2017-18075.c
> @@ -0,0 +1,201 @@
> +/*
> + * Copyright (c) 2018 SUSE
> + * Author: Nicolai Stange <nstange@suse.de>
> + * LTP conversion: Richard Palethorpe <rpalethorpe@suse.com>
> + *
> + * Based on the reproducer posted upstream so other copyrights may
> + * apply.
... this isn't really needed, but I'm not a lawyer.
Thanks,
Nicolai
> + *
> + * This program is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU General Public License
> + * as published by the Free Software Foundation; either version 2
> + * of the License, or (at your option) any later version.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License
> + * along with this program; if not, see <http://www.gnu.org/licenses/>.
> + *
> + * Test for CVE-2017-5754 - pcrypt mishandles freeing instances
> + *
> + * See commit d76c68109f37 crypto: pcrypt - fix freeing pcrypt instances.
> + *
> + * If the bug is present this will most likely crash your kernel.
> + */
> +
--
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton,
HRB 21284 (AG Nürnberg)
next prev parent reply other threads:[~2018-03-14 15:15 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-14 14:54 [LTP] [PATCH 1/2] lib: Add safe_recvmsg Richard Palethorpe
2018-03-14 14:54 ` [LTP] [PATCH 2/2] Add CVE-2017-18075, pcrypt mishandles freeing instances Richard Palethorpe
2018-03-14 15:15 ` Nicolai Stange [this message]
2018-03-14 15:48 ` Richard Palethorpe
2018-03-14 22:58 ` Eric Biggers
2018-03-15 8:50 ` Richard Palethorpe
2018-03-15 11:44 ` Cyril Hrubis
2018-03-15 11:22 ` [LTP] [PATCH 1/2] lib: Add safe_recvmsg Petr Vorel
2018-03-15 11:52 ` Petr Vorel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87bmfqofhj.fsf@suse.de \
--to=nstange@suse.de \
--cc=ltp@lists.linux.it \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox