lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CAJfpegux+mVxbBH7UbrGWHrQ-7Si211GwSED3h339nERgpeYJw@mail.gmail.com>
Date:   Thu, 4 Jun 2020 10:55:15 +0200
From:   Miklos Szeredi <miklos@...redi.hu>
To:     Yuxuan Shui <yshuiv7@...il.com>
Cc:     overlayfs <linux-unionfs@...r.kernel.org>,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] overlayfs: initialize error in ovl_copy_xattr

On Wed, May 27, 2020 at 5:20 AM Yuxuan Shui <yshuiv7@...il.com> wrote:
>
>
> In ovl_copy_xattr, if all the xattrs to be copied are overlayfs private
> xattrs, the copy loop will terminate without assigning anything to the
> error variable, thus returning an uninitialized value.
>
> If ovl_copy_xattr is called from ovl_clear_empty, this uninitialized
> error value is put into a pointer by ERR_PTR(), causing potential
> invalid memory accesses down the line.
>
> This commit initialize error with 0. This is the correct value because
> when there's no xattr to copy, because all xattrs are private,
> ovl_copy_xattr should succeed.
>
> This bug is discovered with the help of INIT_STACK_ALL and clang.
>
> Signed-off-by: Yuxuan Shui <yshuiv7@...il.com>

Thanks, applied.

Miklos

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ