| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20170615163400.e2f024125581f452d48f1aca@linux-foundation.org>
Date: Thu, 15 Jun 2017 16:34:00 -0700
From: Andrew Morton <akpm@...ux-foundation.org>
To: NeilBrown <neilb@...e.com>
Cc: Ian Kent <raven@...maw.net>, LKML <linux-kernel@...r.kernel.org>,
autofs mailing list <autofs@...r.kernel.org>
Subject: Re: [PATCH] autofs: sanity check status reported with
AUTOFS_DEV_IOCTL_FAIL
On Wed, 07 Jun 2017 12:08:38 +1000 NeilBrown <neilb@...e.com> wrote:
>
> If a positive status is passed with the AUTOFS_DEV_IOCTL_FAIL
> ioctl, autofs4_d_automount() will return
> ERR_PTR(status)
> with that status to follow_automount(), which will then
> dereference an invalid pointer.
>
> So treat a positive status the same as zero, and map
> to ENOENT.
>
> See comment in systemd src/core/automount.c::automount_send_ready().
>
> ...
>
> --- a/fs/autofs4/dev-ioctl.c
> +++ b/fs/autofs4/dev-ioctl.c
> @@ -344,7 +344,7 @@ static int autofs_dev_ioctl_fail(struct file *fp,
> int status;
>
> token = (autofs_wqt_t) param->fail.token;
> - status = param->fail.status ? param->fail.status : -ENOENT;
> + status = param->fail.status < 0 ? param->fail.status : -ENOENT;
> return autofs4_wait_release(sbi, token, status);
> }
Sounds serious. Was the absence of a cc:stable deliberate?
Powered by blists - more mailing lists