lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:	Mon, 19 Aug 2013 12:20:41 +0530
From:	Arun KS <arunks.linux@...il.com>
To:	Andrew Morton <akpm@...ux-foundation.org>
Cc:	viro@...iv.linux.org.uk, Matthew Wilcox <matthew@....cx>,
	Bruce Fields <bfields@...ldses.org>,
	linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
	vinayak menon <vinayakm.list@...il.com>,
	Nagachandra P <nagachandra@...il.com>,
	Vikram MP <mp.vikram@...il.com>
Subject: Re: Seq File: Return error if d_path fails

Hi Andrew,

On Tue, Aug 13, 2013 at 3:19 AM, Andrew Morton
<akpm@...ux-foundation.org> wrote:
> On Thu, 8 Aug 2013 19:03:31 +0530 Arun KS <arunks.linux@...il.com> wrote:
>
>> >From 2558382c8a030f7261e47977ac62412cd78e6d38 Mon Sep 17 00:00:00 2001
>> From: Arun KS <arun.ks@...adcom.com>
>> Date: Thu, 8 Aug 2013 18:23:04 +0530
>> Subject: Seq File: Return error if d_path fails
>>
>> Return error if d_path fails in seq_path funciton. If we do not return
>> from here,
>> seq_commit sets seq_file state as overflow. And this continues in a
>> loop utill we
>> increase the size of seq buf beyond KMALLOC_MAX_SIZE.
>>
>> ...
>>
>> --- a/fs/seq_file.c
>> +++ b/fs/seq_file.c
>> @@ -471,7 +471,8 @@ int seq_path(struct seq_file *m, const struct path
>> *path, const char *esc)
>>                         char *end = mangle_path(buf, p, esc);
>>                         if (end)
>>                                 res = end - buf;
>> -               }
>> +               } else
>> +                       return PTR_ERR(p);
>>         }
>>         seq_commit(m, res);
>
> hm, does that really fix the bug?  Isn't the core problem the word "or":
>
> /**
>  * seq_commit - commit data to the buffer
>  * @m: the seq_file handle
>  * @num: the number of bytes to commit
>  *
>  * Commit @num bytes of data written to a buffer previously acquired
>  * by seq_buf_get.  To signal an error condition, or that the data
>                                                   ^^
>  * didn't fit in the available space, pass a negative @num value.
>  */
>
> seq_path()/seq_commit() is treating a d_path() failure as an overflow
> condition, but it isn't.
>
I ll send a new patch.

Thanks,
Arun
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists