Re: [RESEND][PATCH] gen_init_cpio: avoid stack overflow when expanding

[Kees Cook]

On Wed, Oct 24, 2012 at 2:02 PM, Andrew Morton
<akpm@xxxxxxxxxxxxxxxxxxxx> wrote:
> On Wed, 24 Oct 2012 13:57:56 -0700
> Kees Cook <keescook@xxxxxxxxxxxx> wrote:
>
>> Fix possible overflow of the buffer used for expanding environment
>> variables when building file list.
>>
>> $ cat usr/crash.list
>> file foo ${BIG}${BIG}${BIG}${BIG}${BIG}${BIG} 0755 0 0
>> $ BIG=$(perl -e 'print "A" x 4096;') ./usr/gen_init_cpio usr/crash.list
>> *** buffer overflow detected ***: ./usr/gen_init_cpio terminated
>>
>> This also replaces the space-indenting with tabs.
>>
>> Patch based on existing fix extracted from grsecurity.
>>
>> ...
>>
>> Cc: stable@xxxxxxxxxxxxxxx
>
> Why did you feel we need to backport this to -stable?

It's an extremely hard to hit security issue, but it's a security fix
regardless. I won't cry if it doesn't go to stable, but it seems a
trivial fix, so I included it for stable.

-Kees

-- 
Kees Cook
Chrome OS Security
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/