| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 15 Apr 2019 18:05:17 +0200 From: Jan Kara <jack@...e.cz> To: Wenwen Wang <wang6495@....edu> Cc: Jan Kara <jack@...e.com>, open list <linux-kernel@...r.kernel.org> Subject: Re: [PATCH] udf: fix an uninitialized read bug On Mon 15-04-19 10:26:24, Wenwen Wang wrote: > In udf_lookup(), the pointer 'fi' is a local variable initialized by the > return value of the function call udf_find_entry(). However, if the macro > 'UDF_RECOVERY' is defined, this variable will become uninitialized if the > else branch is not taken, which can potentially cause incorrect results in > the following execution. > > This patch simply initializes this local pointer to NULL. > > Signed-off-by: Wenwen Wang <wang6495@....edu> Thanks for the patch! A better fix is to drop the whole UDF_RECOVERY ifdef and what's in it. It is just dead code anyway. Honza > --- > fs/udf/namei.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/fs/udf/namei.c b/fs/udf/namei.c > index 58cc241..9d499e1 100644 > --- a/fs/udf/namei.c > +++ b/fs/udf/namei.c > @@ -299,7 +299,7 @@ static struct dentry *udf_lookup(struct inode *dir, struct dentry *dentry, > struct inode *inode = NULL; > struct fileIdentDesc cfi; > struct udf_fileident_bh fibh; > - struct fileIdentDesc *fi; > + struct fileIdentDesc *fi = NULL; > > if (dentry->d_name.len > UDF_NAME_LEN) > return ERR_PTR(-ENAMETOOLONG); > -- > 2.7.4 > > -- Jan Kara <jack@...e.com> SUSE Labs, CR
Powered by blists - more mailing lists