| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 3 Mar 2018 15:15:05 -0500
From: Theodore Ts'o <tytso@....edu>
To: Eric Biggers <ebiggers3@...il.com>
Cc: linux-ext4@...r.kernel.org, Eric Biggers <ebiggers@...gle.com>
Subject: Re: [01/10] libext2fs: forbid creating symlinks using entire block
On Fri, Mar 02, 2018 at 04:59:14PM -0800, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@...gle.com>
>
> ext2fs_symlink() didn't count the NUL terminator when limiting the
> symlink target length to fs->blocksize, so it could create symlinks
> using the entire block. Such symlinks are problematic because if
> block_size == PAGE_SIZE (as is usually the case), then when following
> such a symlink the kernel will truncate the last byte because it needs
> to ensure the symlink page is NUL-terminated (see page_get_link()).
> Perhaps for that reason, e2fsck considers such symlinks to be invalid
> (although only if they use the traditional block list rather than an
> extent tree, which seems to be another bug).
>
> Fix this by counting the NUL terminator, thereby decreasing the maximum
> accepted symlink target length by 1. Note that this matches the
> kernel's behavior in ext4_symlink().
>
> This breaks the test 'f_create_symlinks' which was using debugfs to
> create a 1024-byte symlink (not counting the NUL terminator) on a
> 1024-byte block filesystem. Fix it by removing the leading '/' from the
> test's symlink targets so that their lengths are decreased by 1.
>
> Fixes: f01c1a6bce5e ("libext2fs: add the ext2fs_symlink() function")
> Signed-off-by: Eric Biggers <ebiggers@...gle.com>
Thanks, applied.
- Ted
Powered by blists - more mailing lists