Bug#280492: kernel-source-2.4.27: strncpy does not 0-pad destination on some archs)

To: Horms <horms@verge.net.au>, 280492@bugs.debian.org
Cc: sf@sfritsch.de
Subject: Bug#280492: kernel-source-2.4.27: strncpy does not 0-pad destination on some archs)
From: Thiemo Seufer <ica2_ts@csv.ica.uni-stuttgart.de>
Date: Tue, 18 Jan 2005 19:21:47 +0100
Message-id: <[🔎] 20050118182147.GB20005@rembrandt.csv.ica.uni-stuttgart.de>
Reply-to: Thiemo Seufer <ica2_ts@csv.ica.uni-stuttgart.de>, 280492@bugs.debian.org
In-reply-to: <[🔎] 20050118080709.GA29463@verge.net.au>
References: <20050117060702.GA4511@verge.net.au> <E1CRd1G-0008Cg-7G@k.local> <handler.280492.D280492.11059420996135.notifdone@bugs.debian.org> <[🔎] Pine.LNX.4.58.0501171036001.7071@neo.t30.physik.tu-muenchen.de> <[🔎] 20050118080709.GA29463@verge.net.au>

Horms wrote:
[snip]
> The patch from ultramonkey.org above was fished out of 
> a Red Hat Kernel RPM (by me). It still seems to be used
> in their latest kernel (27.0.1.EL.um.1), so I am going to apply that.
> But for the other architectures (mips and alpha) there does not
> seem to be a fix available.

Mips uses the generic version, the non-padding assembly one does only
to_user/from_user, which is uncritical.

> To be honest I am pretty dubious about the security tag
> on this bug, I don't believe there is a known exploit
> and at best the bug seems to be regarded as being minor.
> Would it be acceptable to remove the security tag? 

It could lead to involuntary disclosure of sensitive data.

> Would you be happy to have the bug closed by application of the patch
> you suggested? Or do you want to hold it open because of the
> outstanding mips and alpha problem? I am pretty tempted to mark it as
> upstream and wontfix and reprioritise as wishlist if that is the case.
> Perhaps splitting and reassigning to the relevant misps and alpha
> kernel-image packages.

AFAICS reassigning to alpha is ok.


Thiemo

Reply to:

Follow-Ups:
- Bug#280492: kernel-source-2.4.27: strncpy does not 0-pad destination on some archs)
  - From: Horms <horms@debian.org>

References:
- Bug#280492: kernel-source-2.4.27: strncpy does not 0-pad destination on some archs)
  - From: sf@sfritsch.de
- Bug#280492: kernel-source-2.4.27: strncpy does not 0-pad destination on some archs)
  - From: Horms <horms@verge.net.au>

Prev by Date: Re: Bug#290925: kernel-source-2.6.10: Blank Screen When Using intelfb Module
Next by Date: Bug#291094: (ppc - radeonfb, sometimes "out-of-scan-range" occurs when switching to framebuffer)
Previous by thread: Bug#280492: Bug #280492: kernel-source-2.4.27: strncpy does not 0-pad destination on some archs)
Next by thread: Bug#280492: kernel-source-2.4.27: strncpy does not 0-pad destination on some archs)
Index(es):
- Date
- Thread