| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 20 Jan 2009 22:36:08 +0530 From: Manish Katiyar <mkatiyar@...il.com> To: ext4 <linux-ext4@...r.kernel.org>, "Theodore Ts'o" <tytso@....edu>, cmm@...ibm.com Cc: mkatiyar@...il.com Subject: [PATCH] : make sure the buffer head members are zeroed out before using them. ext2_quota_read doesn't bzeroes tmp_bh before calling ext2_get_block() where we access the b_size of it. Since it is a local variable it might contain some garbage. Make sure it is filled with zero before passing. Signed-off-by : Manish Katiyar <mkatiyar@...il.com> --- fs/ext2/super.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/ext2/super.c b/fs/ext2/super.c index da8bdea..d10aa44 100644 --- a/fs/ext2/super.c +++ b/fs/ext2/super.c @@ -1327,7 +1327,7 @@ static ssize_t ext2_quota_read(struct super_block *sb, int type, char *data, tocopy = sb->s_blocksize - offset < toread ? sb->s_blocksize - offset : toread; - tmp_bh.b_state = 0; + memset(&tmp_bh, 0, sizeof(struct buffer_head)); err = ext2_get_block(inode, blk, &tmp_bh, 0); if (err < 0) return err; @@ -1366,7 +1366,7 @@ static ssize_t ext2_quota_write(struct super_block *sb, int type, tocopy = sb->s_blocksize - offset < towrite ? sb->s_blocksize - offset : towrite; - tmp_bh.b_state = 0; + memset(&tmp_bh, 0, sizeof(struct buffer_head)); err = ext2_get_block(inode, blk, &tmp_bh, 1); if (err < 0) goto out; -- 1.5.4.3 Thanks - Manish -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists