| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <a2849e34-879d-783a-761e-5ce9a1d43311@huawei.com>
Date: Mon, 8 Jun 2020 09:37:52 +0800
From: Chao Yu <yuchao0@...wei.com>
To: Eric Biggers <ebiggers@...nel.org>,
<linux-f2fs-devel@...ts.sourceforge.net>
CC: <linux-ext4@...r.kernel.org>, Daniel Rosenberg <drosen@...gle.com>,
<stable@...r.kernel.org>, Al Viro <viro@...iv.linux.org.uk>,
<linux-fsdevel@...r.kernel.org>,
Gabriel Krisman Bertazi <krisman@...labora.co.uk>
Subject: Re: [PATCH v2] f2fs: avoid utf8_strncasecmp() with unstable name
On 2020/6/2 4:08, Eric Biggers wrote:
> From: Eric Biggers <ebiggers@...gle.com>
>
> If the dentry name passed to ->d_compare() fits in dentry::d_iname, then
> it may be concurrently modified by a rename. This can cause undefined
> behavior (possibly out-of-bounds memory accesses or crashes) in
> utf8_strncasecmp(), since fs/unicode/ isn't written to handle strings
> that may be concurrently modified.
>
> Fix this by first copying the filename to a stack buffer if needed.
> This way we get a stable snapshot of the filename.
>
> Fixes: 2c2eb7a300cd ("f2fs: Support case-insensitive file name lookups")
> Cc: <stable@...r.kernel.org> # v5.4+
> Cc: Al Viro <viro@...iv.linux.org.uk>
> Cc: Daniel Rosenberg <drosen@...gle.com>
> Cc: Gabriel Krisman Bertazi <krisman@...labora.co.uk>
> Signed-off-by: Eric Biggers <ebiggers@...gle.com>
Reviewed-by: Chao Yu <yuchao0@...wei.com>
Thanks,
Powered by blists - more mailing lists