| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 6 Nov 2022 14:48:37 -0800
From: Eric Biggers <ebiggers@...nel.org>
To: linux-ext4@...r.kernel.org
Cc: linux-fscrypt@...r.kernel.org,
Harshad Shirwadkar <harshadshirwadkar@...il.com>,
stable@...r.kernel.org
Subject: [PATCH 3/7] ext4: fix leaking uninitialized memory in fast-commit journal
From: Eric Biggers <ebiggers@...gle.com>
When space at the end of fast-commit journal blocks is unused, make sure
to zero it out so that uninitialized memory is not leaked to disk.
Fixes: aa75f4d3daae ("ext4: main fast-commit commit path")
Cc: <stable@...r.kernel.org> # v5.10+
Signed-off-by: Eric Biggers <ebiggers@...gle.com>
---
fs/ext4/fast_commit.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/fs/ext4/fast_commit.c b/fs/ext4/fast_commit.c
index da0c8228cf9c3..1e8be05542396 100644
--- a/fs/ext4/fast_commit.c
+++ b/fs/ext4/fast_commit.c
@@ -737,6 +737,9 @@ static u8 *ext4_fc_reserve_space(struct super_block *sb, int len, u32 *crc)
*crc = ext4_chksum(sbi, *crc, tl, EXT4_FC_TAG_BASE_LEN);
if (pad_len > 0)
ext4_fc_memzero(sb, tl + 1, pad_len, crc);
+ /* Don't leak uninitialized memory in the unused last byte. */
+ *((u8 *)(tl + 1) + pad_len) = 0;
+
ext4_fc_submit_bh(sb, false);
ret = jbd2_fc_get_buf(EXT4_SB(sb)->s_journal, &bh);
@@ -793,6 +796,8 @@ static int ext4_fc_write_tail(struct super_block *sb, u32 crc)
dst += sizeof(tail.fc_tid);
tail.fc_crc = cpu_to_le32(crc);
ext4_fc_memcpy(sb, dst, &tail.fc_crc, sizeof(tail.fc_crc), NULL);
+ dst += sizeof(tail.fc_crc);
+ memset(dst, 0, bsize - off); /* Don't leak uninitialized memory. */
ext4_fc_submit_bh(sb, true);
--
2.38.1
Powered by blists - more mailing lists