lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 9 Dec 2020 15:24:40 -0800 From: harshad shirwadkar <harshadshirwadkar@...il.com> To: Richard Weinberger <richard@....at> Cc: "Theodore Y. Ts'o" <tytso@....edu>, Andreas Dilger <adilger.kernel@...ger.ca>, Ext4 Developers List <linux-ext4@...r.kernel.org>, linux-kernel@...r.kernel.org Subject: Re: [PATCH] ext4: Don't leak old mountpoint samples Thanks for the patch Richard, it looks good to me. Reviewed-by: Harshad Shirwadkar <harshadshirwadkar@...il.com> On Tue, Dec 1, 2020 at 7:29 AM Richard Weinberger <richard@....at> wrote: > > As soon the first file is opened, ext4 samples the mountpoint > of the filesystem in 64 bytes of the super block. > It does so using strlcpy(), this means that the remaining bytes > in the super block string buffer are untouched. > If the mount point before had a longer path than the current one, > it can be reconstructed. > > Consider the case where the fs was mounted to "/media/johnjdeveloper" > and later to "/". > The the super block buffer then contains "/\x00edia/johnjdeveloper". > > This case was seen in the wild and caused confusion how the name > of a developer ands up on the super block of a filesystem used > in production... > > Fix this by clearing the string buffer before writing to it, > > Signed-off-by: Richard Weinberger <richard@....at> > --- > fs/ext4/file.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/fs/ext4/file.c b/fs/ext4/file.c > index 3ed8c048fb12..dba521250d01 100644 > --- a/fs/ext4/file.c > +++ b/fs/ext4/file.c > @@ -809,6 +809,7 @@ static int ext4_sample_last_mounted(struct super_block *sb, > err = ext4_journal_get_write_access(handle, sbi->s_sbh); > if (err) > goto out_journal; > + memset(sbi->s_es->s_last_mounted, 0x00, sizeof(sbi->s_es->s_last_mounted)); > strlcpy(sbi->s_es->s_last_mounted, cp, > sizeof(sbi->s_es->s_last_mounted)); > ext4_handle_dirty_super(handle, sb); > -- > 2.26.2 >
Powered by blists - more mailing lists