Message-Id: <1337633058-3866-1-git-send-email-eldad@fogrefinery.com>
Date:	Mon, 21 May 2012 22:44:18 +0200
From:	Eldad Zack <eldad@...refinery.com>
To:	Alexander Viro <viro@...iv.linux.org.uk>
Cc:	linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
	Eldad Zack <eldad@...refinery.com>
Subject: [PATCH] fs/namei: fix possible uninitialized use of inode

commit 12f8ad4b0533d9212cb1d5e58ed73d2170114785 introduces a path
which might lead to uninitialized use.

fs/namei.c: In function ‘walk_component’:
fs/namei.c:1293:6: warning: ‘inode’ may be used uninitialized in this function [-Wuninitialized]
fs/namei.c:1308:16: note: ‘inode’ was declared here

The commit mentioned above removed this:

	*inode = nd->inode;

And now there's a possible path that looks like this:
...
  1147                  dentry = __d_lookup_rcu(parent, name, &seq, nd->inode);
  1148                  if (!dentry)
  1149                          goto unlazy;
...
  1187  unlazy:
...
  1204          if (unlikely(status <= 0)) {
  1205                  if (status < 0) {
  1206                          dput(dentry);
  1207                          return status;
  1208                  }
  1209                  if (!d_invalidate(dentry)) {
  1210                          dput(dentry);
  1211                          goto need_lookup;
  1212                  }
  1213          }

So we might return 0 to walk_component, which does this compare right after
checking the return code from do_lookup:

  1312:		if (!inode) {

Signed-off-by: Eldad Zack <eldad@...refinery.com>
---
 fs/namei.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/namei.c b/fs/namei.c
index f9e883c..f77b69b 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -1295,7 +1295,7 @@ static inline int should_follow_link(struct inode *inode, int follow)
 static inline int walk_component(struct nameidata *nd, struct path *path,
 		struct qstr *name, int type, int follow)
 {
-	struct inode *inode;
+	struct inode *inode = NULL;
 	int err;
 	/*
 	 * "." and ".." are special - ".." especially so because it has
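Review bot: The `= NULL` initializer on `inode` in walk_component silences -Wuninitialized, but it also decides the outcome of the path the changelog describes. If do_lookup can return 0 without storing to *inode, the `if (!inode)` check at line 1312 now takes the NULL branch every time, and nothing in the patch or changelog says that is the correct result for a lookup that reported success. The quoted excerpt also stops at `goto need_lookup` and does not show the return that leaves *inode unset. Suggest either storing to *inode on every success return in do_lookup (the changelog notes that `*inode = nd->inode;` was removed there), or naming the affected return in the changelog and explaining why reading it as NULL is right.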
-- 
1.7.10
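
The failure mode the changelog describes, a callee that returns success without storing to its out-parameter, as an added example that is not part of the original patch or of fs/namei.c. `struct obj`, `lookup_buggy`, `lookup_fixed` and `OUT_POISON` are hypothetical stand-ins; the example shows a poison-value check that catches the missing store, and that a caller-side NULL initializer makes the missed store read as "no object".

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct obj { int id; };			/* hypothetical stand-in for struct inode */
static struct obj cached = { 42 };

/* A pointer value no callee would store, used to spot a missing write. */
#define OUT_POISON ((struct obj *)(uintptr_t)0xdeadbeef)

/* "Before": the slow path returns 0 (success) without storing to *out. */
static int lookup_buggy(int fast, struct obj **out)
{
	if (fast) {
		*out = &cached;
		return 0;
	}
	return 0;			/* *out never written on this path */
}

/* "After": every return path stores to *out before returning. */
static int lookup_fixed(int fast, struct obj **out)
{
	(void)fast;			/* both paths yield the same object here */
	*out = &cached;
	return 0;
}

typedef int (*lookup_fn)(int fast, struct obj **out);

/* 1 if fn stored to *out on a 0 return (or failed), 0 if the poison survived. */
static int writes_out_on_success(lookup_fn fn, int fast)
{
	struct obj *o = OUT_POISON;
	return fn(fast, &o) != 0 || o != OUT_POISON;
}

/* Caller-side "= NULL" init: 1 if a successful lookup reads as "no object". */
static int success_reads_as_missing(lookup_fn fn, int fast)
{
	struct obj *o = NULL;
	return fn(fast, &o) == 0 && o == NULL;
}

int main(void)
{
	printf("buggy, slow path stores *out: %d\n", writes_out_on_success(lookup_buggy, 0));
	printf("buggy, NULL-init caller sees missing: %d\n", success_reads_as_missing(lookup_buggy, 0));
	printf("fixed, slow path stores *out: %d\n", writes_out_on_success(lookup_fixed, 0));
	return 0;
}
```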
