oss-security - Re: [PATCH] acpi: debugfs: fix buffer overflows, double free

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [thread-next>] [day] [month] [year] [list]

Message-ID: <4D390191.9080307@kernel.org>
Date: Fri, 21 Jan 2011 11:46:25 +0800
From: Eugene Teo <eugeneteo@...nel.org>
To: Vasiliy Kulikov <segoon@...nwall.com>
CC: oss-security@...ts.openwall.com,
        "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: [PATCH] acpi: debugfs: fix buffer overflows, double free

On 01/21/2011 04:08 AM, Vasiliy Kulikov wrote:
> File position is not controlled, it may lead to overwrites of arbitrary
> kernel memory.  Also the code may kfree() the same pointer multiple
> times.

http://lkml.org/lkml/2011/1/20/348
https://bugzilla.redhat.com/CVE-2011-0023

Please use CVE-2011-0023 (this does not include the unresolved flaw 
described in the following paragraph below).

> One more flaw is still present: if multiple processes open the file then
> all 3 static variables are shared, leading to various race conditions.
> They should be moved to file->private_data.

Thanks, Eugene

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.