lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <5e9ea36a-6a6a-921c-81b3-bc623a9e125a@suse.com> Date: Wed, 4 Apr 2018 21:48:53 -0400 From: Jeff Mahoney <jeffm@...e.com> To: Andrew Morton <akpm@...ux-foundation.org>, Randy Dunlap <rdunlap@...radead.org> Cc: LKML <linux-kernel@...r.kernel.org>, reiserfs-devel@...r.kernel.org, Alexander Viro <viro@...iv.linux.org.uk>, Jan Kara <jack@...e.com>, Frederic Weisbecker <fweisbec@...il.com>, Artem Bityutskiy <dedekind1@...il.com>, syzkaller-bugs@...glegroups.com, syzbot+6bd77b88c1977c03f584@...kaller.appspotmail.com Subject: Re: [PATCH?] reiserfs: prevent panic: don't allow %-char in journal dev. name On 4/4/18 9:45 PM, Andrew Morton wrote: > On Wed, 4 Apr 2018 18:25:16 -0700 Randy Dunlap <rdunlap@...radead.org> wrote: > >> From: Randy Dunlap <rdunlap@...radead.org> >> >> If the reiserfs mount option's journal name contains a '%' character, >> it can lead to a WARN_ONCE() in lib/vsprintf.c::format_decode(), >> saying: "Please remove unsupported %/ in format string." >> That's OK until panic_on_warn is set, at which point it's dead, Jim. >> >> To placate this situation, check the journal name string for a '%' >> character and return an error if one is found. Also print a warning >> (one that won't panic the kernel) about the invalid journal name (e.g.): >> >> reiserfs: journal device name is invalid: %/file0 >> >> (In this example, the caller app specified the journal device name as >> "%/file0".) >> > > Well, that is a valid filename and we should support it... > > Isn't the bug in journal_init_dev()? Yep. That's exactly it. Acked-by: Jeff Mahoney <jeffm@...e.com> Thanks, -Jeff > --- a/fs/reiserfs/journal.c~a > +++ a/fs/reiserfs/journal.c > @@ -2643,7 +2643,7 @@ static int journal_init_dev(struct super > if (IS_ERR(journal->j_dev_bd)) { > result = PTR_ERR(journal->j_dev_bd); > journal->j_dev_bd = NULL; > - reiserfs_warning(super, > + reiserfs_warning(super, "sh-457", > "journal_init_dev: Cannot open '%s': %i", > jdev_name, result); > return result; > _ > > -- Jeff Mahoney SUSE Labs
Powered by blists - more mailing lists