Bug 12335

Summary: crafted reiserfs filesystem image local DoS (reboot)
Product: File System
Component: ReiserFS
Reporter: David Maciejak (dmaciejak)
Assignee: ReiseFS developers team (reiserfs-devel)
Status: RESOLVED OBSOLETE
Severity: high
Priority: P1
CC: abacabadabacaba, alan, david.maciejak, devzero, eugeneteo, jeffm
Hardware: All
OS: Linux
Kernel Version: 3.4
Subsystem:
Regression: No
Bisected commit-id:
Attachments: poc; [PATCH] reiserfs: fix crash with fuzzed file system

Description David Maciejak 2008-12-31 02:17:12 UTC
Latest working kernel version: none
Earliest failing kernel version:
Distribution: ubuntu
Hardware Environment: dell optiplex 740
Software Environment:
Problem Description/Steps to reproduce:

Hi,

I am playing around with some filesystems, got some weird results I would like to share with you.
Just uncompress the reiserfs_local_dos.img.gz file enclosed and mount it with
"mount reiserfs_local_dos.img /media/here -o loop" and the linux box reboots.

Regards,

David Maciejak
Fortinet's FortiGuard Global Security Research Team

Comment 1 David Maciejak 2008-12-31 02:18:00 UTC
Created attachment 19570
poc

Comment 2 Roland Kletzing 2008-12-31 05:06:49 UTC
indeed. with a linux vm inside vmware, i'm getting:

*** Virtual machine kernel stack fault (hardware reset) ***
The virtual machine just suffered a stack fault in kernel mode. On a real computer, this would amount to a reset of the processor. It can be caused by an incorrect configuration of the virtual machine, a bug in the operating system, or a problem in the VMware Workstation software. Press OK to reboot virtual machine or Cancel to shut it down.

Comment 3 Roland Kletzing 2013-12-10 18:25:58 UTC
i would not consider this being resolved_obsolete either, as this filesystem image also crashes an opensuse 12.2 inside a virtual box virtual machine - and the virtual box hypervisor is also being crashed.

Comment 4 Roland Kletzing 2013-12-10 19:04:19 UTC
the vmware issue seems resolved, though - at least the hypervisor does not seem to crash.

Comment 5 Alan 2013-12-10 20:13:17 UTC
ok so it still crashes the kernel so updated to 3.4 and re-opened.

Not that I'd expect anything to happen, reiserfs is basically obsoleted.

Comment 6 Jeff Mahoney 2013-12-10 22:54:53 UTC
Created attachment 118031
[PATCH] reiserfs: fix crash with fuzzed file system

This will fix this particular issue, but reiserfs is generally pretty vulnerable to fuzzer issues.

Comment 7 David Maciejak 2013-12-24 02:23:39 UTC
thx for the Christmas gift, when i read that i thought it was a joke, almost 5 years after i opened the entry ;)

Comment 8 Alan 2015-02-19 15:18:30 UTC
Closing as obsolete, the sooner reiserfs is moved to staging and oblivion the better