Summary: | ffs(4): malicious USB memory stick can cause panic in FFS taste code: panic: Assertion size > 0 failed at /usr/rtm/symbsd/src/sys/kern/subr_vmem.c:1332 | ||||||
---|---|---|---|---|---|---|---|
Product: | Base System | Reporter: | Robert Morris <rtm> | ||||
Component: | kern | Assignee: | freebsd-fs (Nobody) <fs> | ||||
Status: | Closed FIXED | ||||||
Severity: | Affects Some People | CC: | emaste, grahamperrin, mckusick, pi | ||||
Priority: | --- | Keywords: | crash, needs-qa | ||||
Version: | Unspecified | Flags: | koobs:
maintainer-feedback?
(mckusick) koobs: mfc-stable13? koobs: mfc-stable12? |
||||
Hardware: | Any | ||||||
OS: | Any | ||||||
See Also: | https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=257557 | ||||||
Bug Depends on: | |||||||
Bug Blocks: | 263979 | ||||||
Attachments: |
|
Description
Robert Morris
2022-05-06 16:54:40 UTC
Please check to see if my proposed change in https://reviews.freebsd.org/D35219 resolves this bug. (In reply to Kirk McKusick from comment #1) Yes -- your validate_sblock() of Apr 12 makes this problem go away. (In reply to Robert Morris from comment #2) Could you recheck with my updated patch of May 21 to ensure my relaxed checks did not reopen the vulnerability. (In reply to Kirk McKusick from comment #3) Yes -- your patch of May 21 makes this problem go away for me. Fixed by https://reviews.freebsd.org/D35219 Will close when MFC'ed to 13. MFC'ed to 13 with commit b999366aab4e2d59cb8869b0e5ef0f70ab9b9bbe on Fri May 27 12:21:11 2022 -0700 |