lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 11 Jun 2020 11:01:50 -0400 From: "Theodore Y. Ts'o" <tytso@....edu> To: Andreas Dilger <adilger@...ger.ca> Cc: Eric Biggers <ebiggers@...nel.org>, linux-ext4@...r.kernel.org, Daniel Rosenberg <drosen@...gle.com>, stable@...r.kernel.org, linux-f2fs-devel@...ts.sourceforge.net, Al Viro <viro@...iv.linux.org.uk>, linux-fsdevel@...r.kernel.org, Gabriel Krisman Bertazi <krisman@...labora.co.uk> Subject: Re: [PATCH v2] ext4: avoid utf8_strncasecmp() with unstable name On Mon, Jun 01, 2020 at 02:49:51PM -0600, Andreas Dilger wrote: > On Jun 1, 2020, at 2:05 PM, Eric Biggers <ebiggers@...nel.org> wrote: > > > > From: Eric Biggers <ebiggers@...gle.com> > > > > If the dentry name passed to ->d_compare() fits in dentry::d_iname, then > > it may be concurrently modified by a rename. This can cause undefined > > behavior (possibly out-of-bounds memory accesses or crashes) in > > utf8_strncasecmp(), since fs/unicode/ isn't written to handle strings > > that may be concurrently modified. > > > > Fix this by first copying the filename to a stack buffer if needed. > > This way we get a stable snapshot of the filename. > > > > Fixes: b886ee3e778e ("ext4: Support case-insensitive file name lookups") > > Cc: <stable@...r.kernel.org> # v5.2+ > > Cc: Al Viro <viro@...iv.linux.org.uk> > > Cc: Daniel Rosenberg <drosen@...gle.com> > > Cc: Gabriel Krisman Bertazi <krisman@...labora.co.uk> > > Signed-off-by: Eric Biggers <ebiggers@...gle.com> > > LGTM. > > Reviewed-by: Andreas Dilger <adilger@...ger.ca> Thanks, applied. - Ted
Powered by blists - more mailing lists