| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20240613150234.25176-1-jack@suse.cz>
Date: Thu, 13 Jun 2024 17:02:34 +0200
From: Jan Kara <jack@...e.cz>
To: Ted Tso <tytso@....edu>
Cc: <linux-ext4@...r.kernel.org>,
Jan Kara <jack@...e.cz>,
syzbot+9c1fe13fcb51574b249b@...kaller.appspotmail.com,
Hugh Dickins <hughd@...gle.com>
Subject: [PATCH] ext4: Avoid writing unitialized memory to disk in EA inodes
If the extended attribute size is not a multiple of block size, the last
block in the EA inode will have uninitialized tail which will get
written to disk. We will never expose the data to userspace but still
this is not a good practice so just zero out the tail of the block as it
isn't going to cause a noticeable performance overhead.
Fixes: e50e5129f384 ("ext4: xattr-in-inode support")
Reported-by: syzbot+9c1fe13fcb51574b249b@...kaller.appspotmail.com
Reported-by: Hugh Dickins <hughd@...gle.com>
Signed-off-by: Jan Kara <jack@...e.cz>
---
fs/ext4/xattr.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c
index 6460879b9fcb..46ce2f21fef9 100644
--- a/fs/ext4/xattr.c
+++ b/fs/ext4/xattr.c
@@ -1433,6 +1433,12 @@ static int ext4_xattr_inode_write(handle_t *handle, struct inode *ea_inode,
goto out;
memcpy(bh->b_data, buf, csize);
+ /*
+ * Zero out block tail to avoid writing uninitialized memory
+ * to disk.
+ */
+ if (csize < blocksize)
+ memset(bh->b_data + csize, 0, blocksize - csize);
set_buffer_uptodate(bh);
ext4_handle_dirty_metadata(handle, ea_inode, bh);
--
2.35.3
Powered by blists - more mailing lists