Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 9 Nov 2010 07:14:58 -0500
From: Dan Rosenberg <dan.j.rosenberg@...il.com>
To: Petr Matousek <pmatouse@...hat.com>
Cc: coley@...us.mitre.org, oss-security@...ts.openwall.com
Subject: Re: CVE request: kernel: gdth: integer overflow in ioc_general()

>
> #define SIZE 0x10000029aUL
>
> ...
>    volatile unsigned long t = SIZE;  // volatile so that it does not get optimised (error)
>
>    printk("nada: %lx\n", current_thread_info()->addr_limit.seg);
>    printk("nada2: %lx\n", access_ok(VERIFY_READ, 0, t));
>    printk("nada3: %lx\n", t);
>    printk("nada4: %lx\n", t > UINT_MAX);
> ...
>
> nada: ffff810000000000
> nada2: 1
> nada3: 10000029a
> nada4: 1
>

Huh.  Learn something new every day, I suppose.  I wonder if this is
kernel version or architecture dependent?  In either case, ignore my
previous statement, unless someone else sees anything fishy going on.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ