Received: by 2002:a05:6a10:1287:0:0:0:0 with SMTP id d7csp5925620pxv; Thu, 29 Jul 2021 01:44:55 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwyav0+w7gNZ7IYuYX094ZX0J3Fgo8VIGSd0oOTLVF8eaARvo6MczTqXYA0Nu03URJ6uoed X-Received: by 2002:a17:906:a98e:: with SMTP id jr14mr3556530ejb.450.1627548294903; Thu, 29 Jul 2021 01:44:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1627548294; cv=none; d=google.com; s=arc-20160816; b=duer4Fmy+JcW1Ztk/NSIn2S6qZBfux97Ql+98bebrNLo+IY9tvs0cbZmnvCaFaG1cy D2/kILjltGpLP2HovLzn9gWM7V4QiBULnNX30fwebe1INZY2flSo9/OPlcatYboOmMzj v/zG7p1VRs0m9uKb5nayL3DVn0Eaks9gQwEuUwdWoRFtb8Q2kSHCsQPEf1qiVryEjFVm 5UwCd9m61/s5ZSuqY/snKo8PV5WuovXHi9amAYVvl+vZXmDo9wXZCelKN5EB7ajAx94C bcgFp2Pl5zO60xKXm8U9wj9UGze1DZBfxoYb2LaZXLUYiAuNxQMCbMwx4DtPq6/vNum9 lJyg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:in-reply-to:organization:message-id :date:subject:cc:to:from; bh=BcsSXBMhqa+Huf7lfLT07r6lBcHdt1CclbTPVsyeW48=; b=YjI1QryjuwQbPaXVDAF7pJkuLEhl+5NvKfHbr1Tq08I+o5ccm1T15dqDCASb4mpwei c9f6kepY+mzbUDUqK3cShqwbYLx9nMHpKtCmMet2sUOAuaUrbGJsFjVQeSDb1BzMQ8kO uqe5xGzt/rU/yZp7v8XrNnffzVNQBs2HbJGkzd7IbzE0knNuFeHIq/vzn+P5nDzRa8gX soGvQgOkxYevG4EfiE9+xkZ2Y7MEzk4OoHtf4REw8kAe8Rk81JZqHBSj9iiAV4mBdM+Y GDfRKeUTCTgPZokbdiwq0ckbSzlxfNaJPcxCzD4wQf0Jd4EuvnoOylUlSG23GqvnJaBl Rl1w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id n16si2436523ejb.357.2021.07.29.01.44.31; Thu, 29 Jul 2021 01:44:54 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234996AbhG2Ikv (ORCPT + 99 others); Thu, 29 Jul 2021 04:40:51 -0400 Received: from mx1.emlix.com ([136.243.223.33]:38728 "EHLO mx1.emlix.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234880AbhG2Ikv (ORCPT ); Thu, 29 Jul 2021 04:40:51 -0400 X-Greylist: delayed 537 seconds by postgrey-1.27 at vger.kernel.org; Thu, 29 Jul 2021 04:40:51 EDT Received: from mailer.emlix.com (p5098be52.dip0.t-ipconnect.de [80.152.190.82]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.emlix.com (Postfix) with ESMTPS id 58CCD5F93A; Thu, 29 Jul 2021 10:31:50 +0200 (CEST) From: Rolf Eike Beer To: desmondcheongzx@gmail.com Cc: anton@tuxera.com, gregkh@linuxfoundation.org, linux-kernel-mentees@lists.linuxfoundation.org, linux-kernel@vger.kernel.org, linux-ntfs-dev@lists.sourceforge.net, skhan@linuxfoundation.org, syzbot+213ac8bb98f7f4420840@syzkaller.appspotmail.com Subject: Re: [PATCH] ntfs: Fix validity check for file name attribute Date: Thu, 29 Jul 2021 10:31:45 +0200 Message-ID: <2424055.QlFIqzKPrH@devpool47> Organization: emlix GmbH In-Reply-To: <20210614050540.289494-1-desmondcheongzx@gmail.com> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart2416868.LEy6h3IvCX"; micalg="pgp-sha256"; protocol="application/pgp-signature" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --nextPart2416868.LEy6h3IvCX Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="UTF-8"; protected-headers="v1" From: Rolf Eike Beer To: desmondcheongzx@gmail.com Cc: anton@tuxera.com, gregkh@linuxfoundation.org, linux-kernel-mentees@lists.linuxfoundation.org, linux-kernel@vger.kernel.org, linux-ntfs-dev@lists.sourceforge.net, skhan@linuxfoundation.org, syzbot+213ac8bb98f7f4420840@syzkaller.appspotmail.com Subject: Re: [PATCH] ntfs: Fix validity check for file name attribute Date: Thu, 29 Jul 2021 10:31:45 +0200 Message-ID: <2424055.QlFIqzKPrH@devpool47> Organization: emlix GmbH In-Reply-To: <20210614050540.289494-1-desmondcheongzx@gmail.com> Hi, I was just scanning through some older vulnerabilities and came across=20 CVE-2018-12929, CVE-2018-12930, and CVE-2018-12931, which are all still ope= n=20 according to linuxkernelcves.com (originally reported against 4.15 [1]). I= =20 looked into the commits in fs/ntfs/ from 4.15 onwards to see if they were j= ust=20 missed, but I can't spot anything there. RedHat claims to have them fixed i= n=20 one of their kernels [2]. Which makes me wonder if the issue fixed here is a duplicate of the any of = the=20 above. Is there a reason I can't find any patches for the original issue in= =20 tree, like the issue only introduced in a custom patchset that Ubuntu/RedHa= t=20 were using? Is this thing worth it's own CVE if it's no duplicate? Greetings, Eike 1) https://marc.info/?t=3D152407734400002&r=3D1&w=3D2 2) https://access.redhat.com/errata/RHSA-2019:0641 =2D-=20 Rolf Eike Beer, emlix GmbH, http://www.emlix.com =46on +49 551 30664-0, Fax +49 551 30664-11 Gothaer Platz 3, 37083 G=C3=B6ttingen, Germany Sitz der Gesellschaft: G=C3=B6ttingen, Amtsgericht G=C3=B6ttingen HR B 3160 Gesch=C3=A4ftsf=C3=BChrung: Heike Jordan, Dr. Uwe Kracke =E2=80=93 Ust-IdNr= =2E: DE 205 198 055 emlix - smart embedded open source --nextPart2416868.LEy6h3IvCX Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part. Content-Transfer-Encoding: 7Bit -----BEGIN PGP SIGNATURE----- iLMEAAEIAB0WIQQ/Uctzh31xzAxFCLur5FH7Xu2t/AUCYQJncQAKCRCr5FH7Xu2t /EknBACWisFFpJAxn+isaQff639lnnAPEn8ABLf1II4r/EFgnqoBuSrAMvVfJvjC IxOI3aCtR9XtK6GjB5q4FI4YoE+jd7K+bwR//lInCvwnZdaPZvBGM0DFCzJ62kWl P6HYTgnZvbNoThgf0S2GB0e/KoU7BH5hVvFSpIHBQoqSkRHRJQ== =+ScD -----END PGP SIGNATURE----- --nextPart2416868.LEy6h3IvCX--