| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 20 Dec 2010 11:01:16 -0500
From: Ted Ts'o <tytso@....edu>
To: Namhyung Kim <namhyung@...il.com>
Cc: linux-ext4@...r.kernel.org
Subject: Re: [PATCH 07/15] libext2fs: fix error path in
ext2fs_update_bb_inode()
On Mon, Nov 29, 2010 at 05:55:09PM +0900, Namhyung Kim wrote:
> If ext2fs_get_mem() on rec.block_buf fails we should not call
> ext2fs_free_mem() on it.
>
> Signed-off-by: Namhyung Kim <namhyung@...il.com>
Thanks for pointing this out. I fixed this in a slightly simpler way.
- Ted
commit 2150278fa25f3fe8b8f29835ccd3079b608bb825
Author: Theodore Ts'o <tytso@....edu>
Date: Mon Dec 20 10:57:29 2010 -0500
libext2fs: fix potential free() of garbage in ext2fs_update_bb_inode()
There was a potential of freeing an uninitialized pointer in
rec.block_buf, which was pointed out by Namhyung Kim <namhyung@...il.com>
Signed-off-by: "Theodore Ts'o" <tytso@....edu>
diff --git a/lib/ext2fs/bb_inode.c b/lib/ext2fs/bb_inode.c
index 0b79b16..0b6c3dd 100644
--- a/lib/ext2fs/bb_inode.c
+++ b/lib/ext2fs/bb_inode.c
@@ -65,8 +65,7 @@ errcode_t ext2fs_update_bb_inode(ext2_filsys fs, ext2_badblocks_list bb_list)
if (!fs->block_map)
return EXT2_ET_NO_BLOCK_BITMAP;
- rec.bad_block_count = 0;
- rec.ind_blocks_size = rec.ind_blocks_ptr = 0;
+ memset(&rec, 0, sizeof(rec));
rec.max_ind_blocks = 10;
retval = ext2fs_get_array(rec.max_ind_blocks, sizeof(blk_t),
&rec.ind_blocks);
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists