Date: Tue, 9 Nov 2010 07:14:58 -0500 From: Dan Rosenberg <dan.j.rosenberg@...il.com> To: Petr Matousek <pmatouse@...hat.com> Cc: coley@...us.mitre.org, oss-security@...ts.openwall.com Subject: Re: CVE request: kernel: gdth: integer overflow in ioc_general() > > #define SIZE 0x10000029aUL > > ... > volatile unsigned long t = SIZE; // volatile so that it does not get optimised (error) > > printk("nada: %lx\n", current_thread_info()->addr_limit.seg); > printk("nada2: %lx\n", access_ok(VERIFY_READ, 0, t)); > printk("nada3: %lx\n", t); > printk("nada4: %lx\n", t > UINT_MAX); > ... > > nada: ffff810000000000 > nada2: 1 > nada3: 10000029a > nada4: 1 > Huh. Learn something new every day, I suppose. I wonder if this is kernel version or architecture dependent? In either case, ignore my previous statement, unless someone else sees anything fishy going on.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ