| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 24 Sep 2019 10:01:25 +0300
From: Nikolay Borisov <nborisov@...e.com>
To: Pavel Machek <pavel@....cz>, clm@...com,
David Sterba <dsterba@...e.com>, josef@...icpanda.com,
linux-btrfs@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] btrfs compression: check string length
On 24.09.19 г. 9:14 ч., Pavel Machek wrote:
> AFAICT, with current code user could pass something like "lzox" and
> still get "lzo" compression. Check string lengths to prevent that.
>
> Signed-off-by: Pavel Machek <pavel@...x.de>
>
> diff --git a/fs/btrfs/compression.c b/fs/btrfs/compression.c
> index b05b361..1083ab4 100644
> --- a/fs/btrfs/compression.c
> +++ b/fs/btrfs/compression.c
> @@ -51,7 +51,7 @@ bool btrfs_compress_is_valid_type(const char *str, size_t len)
> for (i = 1; i < ARRAY_SIZE(btrfs_compress_types); i++) {
> size_t comp_len = strlen(btrfs_compress_types[i]);
>
> - if (len < comp_len)
> + if (len != comp_len)
> continue;
It's like that so that we can support compression strings such as
zlib:9. In fact the initial version was written like you suggest:
https://www.mail-archive.com/linux-btrfs@vger.kernel.org/msg88216.html
>
> if (!strncmp(btrfs_compress_types[i], str, comp_len))
>
Powered by blists - more mailing lists