| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1368509609.2507.8.camel@cr0> Date: Tue, 14 May 2013 13:33:29 +0800 From: Cong Wang <amwang@...hat.com> To: Jan Kara <jack@...e.cz> Cc: linux-kernel@...r.kernel.org, Andrew Morton <akpm@...ux-foundation.org>, xfs@....sgi.com Subject: Re: [Patch] quota: do not leak info to user-space On Mon, 2013-05-13 at 12:18 +0200, Jan Kara wrote: > On Mon 13-05-13 12:04:23, Jan Kara wrote: > > On Fri 10-05-13 17:24:33, Cong Wang wrote: > > > From: Cong Wang <amwang@...hat.com> > > > > > > There is a hole in struct fs_quota_stat, so we have to > > > zero the struct on stack before copying it to user-space. > > > > > > Cc: Jan Kara <jack@...e.cz> > > > Signed-off-by: Cong Wang <amwang@...hat.com> > > Good point. I've merged the patch. > Ah, now I've noticed that XFS (the only user of the callback you are > fixing) is zeroing the structure on its own (xfs_qm_scall_getqstat). So > there's no real problem. I'm somewhat wondering whether clearing the field > in the place where you did it isn't more future-proof but usually we don't > pass in prezeroed buffers so I've decided to leave things as they are. > You are right. Thanks for looking into this! -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists