CVE-2017-13305 test

Open msmeissn opened this issue 6 years ago • 2 comments

https://bugzilla.suse.com/show_bug.cgi?id=1094353

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=794b4bc292f5d31739d89c0202c54e7dc9bc3add

msmeissn, May 23 '18 19:05

After careful review of the linked commit, the CVE appears to be bogus. Both functions that call valid_master_desc() append an extra null byte to new_desc beforehand, which means that memcmp() will exit early if the buffer is too short. Same applies to orig_desc. No buffer overread is possible in the original code.

The only thing that this commit changes is that it no longer allows the prefix to be immediately followed by a null byte.

mdoucha, May 26 '20 14:05

close? @metan-ucw @pevik

richiejp, Jul 26 '21 15:07