ltp
CVE-2017-13305 test
https://bugzilla.suse.com/show_bug.cgi?id=1094353
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=794b4bc292f5d31739d89c0202c54e7dc9bc3add
After careful review of the linked commit, the CVE appears to be bogus. Both functions that call valid_master_desc() append an extra null byte to new_desc beforehand, which means that memcmp() will exit early if the buffer is too short. Same applies to orig_desc. No buffer overread is possible in the original code.
The only thing that this commit changes is that it no longer allows the prefix to be immediately followed by a null byte.
close? @metan-ucw @pevik
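The bound argued in the valid_master_desc() comment above, as an added example that is not LTP or kernel code: it counts how many bytes a prefix comparison reads from a NUL-terminated descriptor. It assumes, as the comment does, a comparison that stops at the first differing byte; the prefix strings and the helper names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed prefix strings, for illustration only (not taken from the page). */
#define TRUSTED_PREFIX "trusted:"
#define USER_PREFIX    "user:"

/*
 * Hypothetical helper: how many bytes of buf a comparison against prefix
 * reads when it goes one byte at a time and stops at the first difference.
 */
static size_t bytes_examined(const char *buf, const char *prefix, size_t n)
{
	size_t i;

	for (i = 0; i < n; i++)
		if (buf[i] != prefix[i])
			return i + 1;	/* the differing byte was read too */
	return n;
}

/* 1 if neither prefix check reads past desc's terminating NUL byte. */
static int stays_in_bounds(const char *desc)
{
	size_t limit = strlen(desc) + 1;	/* string plus its NUL */

	return bytes_examined(desc, TRUSTED_PREFIX, strlen(TRUSTED_PREFIX)) <= limit &&
	       bytes_examined(desc, USER_PREFIX, strlen(USER_PREFIX)) <= limit;
}

int main(void)
{
	/* Constructed descriptors, each NUL-terminated as the comment describes. */
	const char *samples[] = { "", "t", "tru", "user", "trusted:", "user:key" };
	size_t i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("%-10s trusted=%zu user=%zu in_bounds=%d\n",
		       samples[i][0] ? samples[i] : "(empty)",
		       bytes_examined(samples[i], TRUSTED_PREFIX, strlen(TRUSTED_PREFIX)),
		       bytes_examined(samples[i], USER_PREFIX, strlen(USER_PREFIX)),
		       stays_in_bounds(samples[i]));
	return 0;
}
```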