| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 17 Dec 2020 22:15:24 +0100 (CET)
From: Richard Weinberger <richard@....at>
To: Andreas Dilger <adilger@...ger.ca>
Cc: tytso <tytso@....edu>, linux-ext4 <linux-ext4@...r.kernel.org>,
linux-kernel <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] ext4: Don't leak old mountpoint samples
----- Ursprüngliche Mail -----
>> Fix this by using strncpy() instead of strlcpy(). The superblock
>> field is defined to be a fixed-size char array, and it is already
>> marked using __nonstring in fs/ext4/ext4.h. The consumer of the field
>> in e2fsprogs already assumes that in the case of a 64+ byte mount
>> path, that s_last_mounted will not be NUL terminated.
>>
>> Reported-by: Richard Weinberger <richard@....at>
>> Signed-off-by: Theodore Ts'o <tytso@....edu>
>
> Color me confused, but I don't see how this change makes any difference?
> If "cp" is only "/" then it will *still* not overwrite "edia/johnjdeveloper"
> at the end of the s_last_mounted array. To my mind, the only difference
> between using strlcpy() and strncpy() would be whether the last byte in
> the array can be used or not, but doesn't affect the remaining bytes.
strncpy() zeros all remaining bytes.
Thanks,
//richard
Powered by blists - more mailing lists