lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Mon, 19 Apr 2021 16:21:00 +0000
From:   Leah Rumancik <leah.rumancik@...il.com>
To:     linux-ext4@...r.kernel.org
Cc:     tytso@....edu, Leah Rumancik <leah.rumancik@...il.com>
Subject: [PATCH v3] ext4: wipe filename upon file deletion

Upon file deletion, zero out all fields in ext4_dir_entry2 besides inode
and rec_len. In case sensitive data is stored in filenames, this ensures
no potentially sensitive data is left in the directory entry upon deletion.
Also, wipe these fields upon moving a directory entry during the conversion
to an htree and when splitting htree nodes.

Signed-off-by: Leah Rumancik <leah.rumancik@...il.com>
---
 fs/ext4/namei.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c
index 883e2a7cd4ab..df7809a4821f 100644
--- a/fs/ext4/namei.c
+++ b/fs/ext4/namei.c
@@ -1778,6 +1778,11 @@ dx_move_dirents(char *from, char *to, struct dx_map_entry *map, int count,
 		((struct ext4_dir_entry_2 *) to)->rec_len =
 				ext4_rec_len_to_disk(rec_len, blocksize);
 		de->inode = 0;
+
+		/* wipe name_len through and name field */
+		memset(&de->name_len, 0, ext4_rec_len_from_disk(de->rec_len,
+						blocksize) - 6);
+
 		map++;
 		to += rec_len;
 	}
@@ -2102,6 +2107,7 @@ static int make_indexed_dir(handle_t *handle, struct ext4_filename *fname,
 	data2 = bh2->b_data;
 
 	memcpy(data2, de, len);
+	memset(de, 0, len); /* wipe old data */
 	de = (struct ext4_dir_entry_2 *) data2;
 	top = data2 + len;
 	while ((char *)(de2 = ext4_next_entry(de, blocksize)) < top)
@@ -2492,6 +2498,11 @@ int ext4_generic_delete_entry(struct inode *dir,
 			else
 				de->inode = 0;
 			inode_inc_iversion(dir);
+
+			/* wipe name_len through name field */
+			memset(&de->name_len, 0,
+				ext4_rec_len_from_disk(de->rec_len, blocksize) - 6);
+
 			return 0;
 		}
 		i += ext4_rec_len_from_disk(de->rec_len, blocksize);
-- 
2.31.1.368.gbe11c130af-goog

Powered by blists - more mailing lists