On Mon, May 10, 2021 at 12:18:08PM +0200, Jules Maselbas wrote: > Hi, > > On Fri, May 07, 2021 at 12:58:30PM +0200, Sascha Hauer wrote: > > Hi, > > > > On Sun, Apr 18, 2021 at 01:10:10AM +0530, Neeraj Pal wrote: > > > Hi, > > > > > > I have found the Out of bound read issue of size 1 when argv[2] is "" in > > > __d_alloc function fs/fs.c:1254 which further goes > > > and crashes into __default_memcpy call lib/string.c:562 > > > > > > Tested on: > > > - barebox-2021.04.0 > > > - git commit af0f068a6edad45b033e772056ac0352e1ba3613 > > > > I can reproduce this here. Thanks for reporting it. I just sent out a > > series fixing this issue, you are on Cc: > I think this should also be fixed by the patch I've sent: > (74946415a "fs: Fix link_path_walk to return -ENOENT on empty path") > > This patch might not have fixed this exact case when running the nfs > command. Have you been able to repoduce this issue with this patch > applied ? > > I've havn't tried to setup a net interface to debug nfs commandi, > instead I was using simpler command such as `md5sum ""`. Indeed I can confirm that 74946415a already fixes the issue, also with a 'nfs foo ""' command. This renders my patches unnecessary for this issue, but still I think they do the right thing, so I tend to keep them. Sascha -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | _______________________________________________ barebox mailing list barebox@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/barebox
