|
Message-ID: <AANLkTik-2msM0MtKcJ8vDm4ir0nJ7Ywt-5ZLD8y02NPT@mail.gmail.com> Date: Tue, 12 Oct 2010 11:27:42 +0200 From: Thomas Pollet <thomas.pollet@...il.com> To: oss-security@...ts.openwall.com Subject: Re: kernel: avoid pgoff overflow in remap_file_pages fwiw, this check : if (pgoff + (size >> PAGE_SHIFT) >= (1UL << PTE_FILE_MAX_BITS)) is done to make sure the most significant bits are zero pgoff is later used to create a page table entry set_pte_at(mm, addr, pte, pgoff_to_pte(pgoff)); the other bits of the pte_t are reserved for the page status bits. The exact implementation is architecture dependent. Regards, Thomas On 12 October 2010 09:19, Eugene Teo <eugene@...hat.com> wrote: > Thomas Pollet reported an integer overflow issue in remap_file_pages(). > While we are able to reproduce the issue, we are unable to find a security > impact. If your views differ, do let us know. > > https://bugzilla.redhat.com/show_bug.cgi?id=636383 > http://git.kernel.org/linus/5ec1055aa5632dd7a8283cdb5fa9be3c535eaa06 > > Thanks, Eugene > -- > main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i); } >
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.