Date: Wed, 18 Sep 2013 16:29:01 -0700
From: Sebastian Capella <sebastian.capella@...aro.org>
To: linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org, linux-pm@...r.kernel.org, linaro-kernel@...ts.linaro.org
Cc: Sebastian Capella <sebastian.capella@...aro.org>, Pavel Machek <pavel@....cz>, "Eric W. Biederman" <ebiederm@...ssion.com>, Serge Hallyn <serge.hallyn@...onical.com>, Andrew Morton <akpm@...ux-foundation.org>, Stephen Warren <swarren@...dia.com>, Jens Axboe <axboe@...nel.dk>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Al Viro <viro@...iv.linux.org.uk>
Subject: [PATCH v3 RFT 1/2] init/do_mounts.c: ignore final \n in name_to_dev_t

Enhance name_to_dev_t to handle trailing newline characters on device paths. Some inputs to name_to_dev_t may come from userspace where oftentimes a '\n' is appended to the path.

Added const to the name buffer in both the function declaration and the prototype to reflect input buffer handling.

By handling trailing newlines in name_to_dev_t, userspace buffers may be directly passed to name_to_dev_t without modification.

Signed-off-by: Sebastian Capella <sebastian.capella@...aro.org>
Cc: Pavel Machek <pavel@....cz>
Cc: "Eric W. Biederman" <ebiederm@...ssion.com>
Cc: Serge Hallyn <serge.hallyn@...onical.com>
Cc: Andrew Morton <akpm@...ux-foundation.org>
Cc: Stephen Warren <swarren@...dia.com>
Cc: Jens Axboe <axboe@...nel.dk>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: Al Viro <viro@...iv.linux.org.uk>

--- include/linux/mount.h | 2 +- init/do_mounts.c | 25 +++++++++++++++++++------ 2 files changed, 20 insertions(+), 7 deletions(-) diff --git a/include/linux/mount.h b/include/linux/mount.h index 73005f9..b024d5c 100644 --- a/include/linux/mount.h +++ b/include/linux/mount.h 
@@ -76,6 +76,6 @@ extern struct vfsmount *vfs_kern_mount(struct file_system_type *type, extern void mnt_set_expiry(struct vfsmount *mnt, struct list_head *expiry_list); extern void mark_mounts_for_expiry(struct list_head *mounts); -extern dev_t name_to_dev_t(char *name); +extern dev_t name_to_dev_t(const char *name); #endif /* _LINUX_MOUNT_H */ diff --git a/init/do_mounts.c b/init/do_mounts.c index 816014c..5a031de 100644 --- a/init/do_mounts.c +++ b/init/do_mounts.c @@ -143,6 +143,13 @@ static dev_t devt_from_partuuid(const char *uuid_str) clear_root_wait = true; goto done; } + if (uuid_str[cmp.len - 1] == '\n') { + cmp.len--; + if (!cmp.len) { + clear_root_wait = true; + goto done; + } + } dev = class_find_device(&block_class, NULL, &cmp, &match_dev_by_uuid); @@ -202,12 +209,13 @@ done: * bangs. */ -dev_t name_to_dev_t(char *name) +dev_t name_to_dev_t(const char *name) { char s[32]; char *p; dev_t res = 0; int part; + int n; #ifdef CONFIG_BLOCK if (strncmp(name, "PARTUUID=", 9) == 0) { @@ -228,7 +236,7 @@ dev_t name_to_dev_t(char *name) goto fail; } else { res = new_decode_dev(simple_strtoul(name, &p, 16)); - if (*p) + if (*p && *p != '\n') goto fail; } goto done; @@ -236,15 +244,20 @@ dev_t name_to_dev_t(char *name) name += 5; res = Root_NFS; - if (strcmp(name, "nfs") == 0) + if (strncmp(name, "nfs", 3) == 0) goto done; res = Root_RAM0; - if (strcmp(name, "ram") == 0) + if (strncmp(name, "ram", 3) == 0) goto done; - if (strlen(name) > 31) + n = strlen(name); + if (n != 0 && name[n - 1] == '\n') + n--; + if (n > 31) goto fail; - strcpy(s, name); + strncpy(s, name, n); + s[n] = '\0'; + for (p = s; *p; p++) if (*p == '/') *p = '!'; -- 1.7.9.5 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
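Review bot: In the devt_from_partuuid hunk (@@ -143,6 +143,13 @@), the added block repeats the `clear_root_wait = true; goto done;` exit that the block closing just above it already has. Stripping the trailing '\n' from cmp.len before that existing check would let a single empty-length test cover both cases and avoid the duplicated exit path.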
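Review bot: In the hunk that changes the name_to_dev_t signature (@@ -202,12 +209,13 @@), the comment block above the function (ending at "bangs.") is left untouched, so the newly accepted trailing '\n' is undocumented for callers. Suggest adding a line to that comment saying that one final newline is ignored, so the accepted input format stays described in one place.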
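Review bot: In the hex device number branch (@@ -228,7 +236,7 @@), `if (*p && *p != '\n')` only checks that the first unparsed character is a newline, not that the newline is the last character, so a number followed by a newline and further text is accepted even though the subject line says only a final '\n' is ignored. Suggest skipping one newline and then requiring the end of the string, for example `if (*p == '\n') p++;` followed by the original `if (*p) goto fail;`.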
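Review bot: In the last do_mounts.c hunk (@@ -236,15 +244,20 @@), replacing `strcmp(name, "nfs")` and `strcmp(name, "ram")` with `strncmp(..., 3)` turns an exact match into a prefix match, so any name that merely begins with "nfs" or "ram" now returns Root_NFS or Root_RAM0 and never reaches the lookup below. Suggest comparing against the newline-trimmed length `n` that this hunk already computes (move that calculation above the two comparisons and require n == 3 as well as the strncmp match). Separately, `n` is declared `int` but is assigned from strlen(); size_t would match the return type.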