| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 18 Sep 2013 16:29:01 -0700
From: Sebastian Capella <sebastian.capella@...aro.org>
To: linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org,
linux-pm@...r.kernel.org, linaro-kernel@...ts.linaro.org
Cc: Sebastian Capella <sebastian.capella@...aro.org>,
Pavel Machek <pavel@....cz>,
"Eric W. Biederman" <ebiederm@...ssion.com>,
Serge Hallyn <serge.hallyn@...onical.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Stephen Warren <swarren@...dia.com>,
Jens Axboe <axboe@...nel.dk>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Al Viro <viro@...iv.linux.org.uk>
Subject: [PATCH v3 RFT 1/2] init/do_mounts.c: ignore final \n in name_to_dev_t
Enhance name_to_dev_t to handle trailing newline characters
on device paths. Some inputs to name_to_dev_t may come from
userspace where oftentimes a '\n' is appended to the path.
Added const to the name buffer in both the function
declaration and the prototype to reflect input buffer
handling.
By handling trailing newlines in name_to_dev_t, userspace
buffers may be directly passed to name_to_dev_t without
modification.
Signed-off-by: Sebastian Capella <sebastian.capella@...aro.org>
Cc: Pavel Machek <pavel@....cz>
Cc: "Eric W. Biederman" <ebiederm@...ssion.com>
Cc: Serge Hallyn <serge.hallyn@...onical.com>
Cc: Andrew Morton <akpm@...ux-foundation.org>
Cc: Stephen Warren <swarren@...dia.com>
Cc: Jens Axboe <axboe@...nel.dk>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: Al Viro <viro@...iv.linux.org.uk>
---
include/linux/mount.h | 2 +-
init/do_mounts.c | 25 +++++++++++++++++++------
2 files changed, 20 insertions(+), 7 deletions(-)
diff --git a/include/linux/mount.h b/include/linux/mount.h
index 73005f9..b024d5c 100644
--- a/include/linux/mount.h
+++ b/include/linux/mount.h
@@ -76,6 +76,6 @@ extern struct vfsmount *vfs_kern_mount(struct file_system_type *type,
extern void mnt_set_expiry(struct vfsmount *mnt, struct list_head *expiry_list);
extern void mark_mounts_for_expiry(struct list_head *mounts);
-extern dev_t name_to_dev_t(char *name);
+extern dev_t name_to_dev_t(const char *name);
#endif /* _LINUX_MOUNT_H */
diff --git a/init/do_mounts.c b/init/do_mounts.c
index 816014c..5a031de 100644
--- a/init/do_mounts.c
+++ b/init/do_mounts.c
@@ -143,6 +143,13 @@ static dev_t devt_from_partuuid(const char *uuid_str)
clear_root_wait = true;
goto done;
}
+ if (uuid_str[cmp.len - 1] == '\n') {
+ cmp.len--;
+ if (!cmp.len) {
+ clear_root_wait = true;
+ goto done;
+ }
+ }
dev = class_find_device(&block_class, NULL, &cmp,
&match_dev_by_uuid);
@@ -202,12 +209,13 @@ done:
* bangs.
*/
-dev_t name_to_dev_t(char *name)
+dev_t name_to_dev_t(const char *name)
{
char s[32];
char *p;
dev_t res = 0;
int part;
+ int n;
#ifdef CONFIG_BLOCK
if (strncmp(name, "PARTUUID=", 9) == 0) {
@@ -228,7 +236,7 @@ dev_t name_to_dev_t(char *name)
goto fail;
} else {
res = new_decode_dev(simple_strtoul(name, &p, 16));
- if (*p)
+ if (*p && *p != '\n')
goto fail;
}
goto done;
@@ -236,15 +244,20 @@ dev_t name_to_dev_t(char *name)
name += 5;
res = Root_NFS;
- if (strcmp(name, "nfs") == 0)
+ if (strncmp(name, "nfs", 3) == 0)
goto done;
res = Root_RAM0;
- if (strcmp(name, "ram") == 0)
+ if (strncmp(name, "ram", 3) == 0)
goto done;
- if (strlen(name) > 31)
+ n = strlen(name);
+ if (n != 0 && name[n - 1] == '\n')
+ n--;
+ if (n > 31)
goto fail;
- strcpy(s, name);
+ strncpy(s, name, n);
+ s[n] = '\0';
+
for (p = s; *p; p++)
if (*p == '/')
*p = '!';
--
1.7.9.5
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists