| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 25 Oct 2011 09:22:56 -0400 From: Ted Ts'o <tytso@....edu> To: "Darrick J. Wong" <djwong@...ibm.com> Cc: Tao Ma <tm@....ma>, linux-ext4@...r.kernel.org, linux-kernel <linux-kernel@...r.kernel.org> Subject: Re: [PATCH 4/5] ext4: Prevent stack overrun in ext4_file_open when recording last known mountpoint On Fri, Oct 21, 2011 at 02:18:18PM -0700, Darrick J. Wong wrote: > In ext4_file_open, the filesystem records the mountpoint of the first file that > is opened after mounting the filesystem. It does this by allocating a 64-byte > stack buffer, calling d_path() to grab the mount point through which this file > was accessed, and then memcpy()ing 64 bytes into the superblock's > s_last_mounted field, starting from the return value of d_path(), which is > stored as "cp". However, if cp > buf (which it frequently is since path > components are prepended starting at the end of buf) then we can end up copying > stack data into the superblock. > > Writing stack variables into the superblock doesn't sound like a great idea, so > use strlcpy instead. Andi Kleen suggested using strlcpy instead of strncpy. > > Signed-off-by: Darrick J. Wong <djwong@...ibm.com> Thanks, applied. - Ted -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists