lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ea11fea30901250822n7b1e9c3ck1959d2e42e47ce76@mail.gmail.com>
Date:	Sun, 25 Jan 2009 21:52:44 +0530
From:	Manish Katiyar <mkatiyar@...il.com>
To:	Eric Sandeen <sandeen@...hat.com>
Cc:	ext4 <linux-ext4@...r.kernel.org>, "Theodore Ts'o" <tytso@....edu>,
	cmm@...ibm.com
Subject: Re: [PATCH] : make sure the buffer head members are zeroed out before 
	using them.

On Sun, Jan 25, 2009 at 9:45 PM, Eric Sandeen <sandeen@...hat.com> wrote:
> Manish Katiyar wrote:
>> On Tue, Jan 20, 2009 at 10:36 PM, Manish Katiyar <mkatiyar@...il.com> wrote:
>>> ext2_quota_read doesn't bzeroes tmp_bh before calling ext2_get_block()
>>> where we access the b_size of it. Since it is a local variable it
>>> might contain some garbage. Make sure it is filled with zero before
>>> passing.
>>
>> Hi Ted/mingming,
>>
>> Any feedback on this ??
>
> This looks ok to me, Manish.  I'm curious, did you see this fail in real
> life, and if so, what'd the failure look like?

Actually no......I realised this while going through the code. I was
also wondering why we haven't hit this till now. Since ext{3,4} don't
have this issue, the only reason I can think of is because ext2 with
quota is not very much used or somehow we are lucky.

>
> With the change, the tmp_bh bh_size is 0, so maxblocks down the
> get_block path is also 0, but I guess that works out ok.

Yes, but that is better than having a random garbage. Isn't it ?

Thanks -
Manish

>
> -Eric
>
>> Thanks -
>> Manish
>>
>>> Signed-off-by : Manish Katiyar <mkatiyar@...il.com>
>>> ---
>>>  fs/ext2/super.c |    4 ++--
>>>  1 files changed, 2 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/fs/ext2/super.c b/fs/ext2/super.c
>>> index da8bdea..d10aa44 100644
>>> --- a/fs/ext2/super.c
>>> +++ b/fs/ext2/super.c
>>> @@ -1327,7 +1327,7 @@ static ssize_t ext2_quota_read(struct
>>> super_block *sb, int type, char *data,
>>>                tocopy = sb->s_blocksize - offset < toread ?
>>>                                sb->s_blocksize - offset : toread;
>>>
>>> -               tmp_bh.b_state = 0;
>>> +               memset(&tmp_bh, 0, sizeof(struct buffer_head));
>>>                err = ext2_get_block(inode, blk, &tmp_bh, 0);
>>>                if (err < 0)
>>>                        return err;
>>> @@ -1366,7 +1366,7 @@ static ssize_t ext2_quota_write(struct
>>> super_block *sb, int type,
>>>                tocopy = sb->s_blocksize - offset < towrite ?
>>>                                sb->s_blocksize - offset : towrite;
>>>
>>> -               tmp_bh.b_state = 0;
>>> +               memset(&tmp_bh, 0, sizeof(struct buffer_head));
>>>                err = ext2_get_block(inode, blk, &tmp_bh, 1);
>>>                if (err < 0)
>>>                        goto out;
>>> --
>>> 1.5.4.3
>>>
>>>
>>> Thanks -
>>> Manish
>>>
>> --
>> To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
>> the body of a message to majordomo@...r.kernel.org
>> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>
>
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ