| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 24 Aug 2021 19:38:51 +0300
From: Kari Argillander <kari.argillander@...il.com>
To: Dan Carpenter <dan.carpenter@...cle.com>
Cc: Konstantin Komarov <almaz.alexandrovich@...agon-software.com>,
ntfs3@...ts.linux.dev, linux-kernel@...r.kernel.org,
kernel-janitors@...r.kernel.org
Subject: Re: [PATCH] fs/ntfs3: fix an error code in ntfs_get_acl_ex()
On Tue, Aug 24, 2021 at 02:48:58PM +0300, Dan Carpenter wrote:
> The ntfs_get_ea() function returns negative error codes or on success
Not reletad to this patch but ntfs_get_wsl_perm() seems quite bug
because in there ntfs_get_ea use is not checked at all.
Also ntfs_getxattr() should probably send errno if ntfs_get_ea() is 0.
> it returns the length. In the original code a zero length return was
> treated as -ENODATA and results in a NULL return. But it should be
> treated as an invalid length and result in an PTR_ERR(-EINVAL) return.
>
> Fixes: be71b5cba2e6 ("fs/ntfs3: Add attrib operations")
> Signed-off-by: Dan Carpenter <dan.carpenter@...cle.com>
>
> I'm not super familiar with this code. Please review this one
> extra carefully. I think it's theoretical because hopefully
> ntfs_get_ea() doesn't ever return invalid lengths.
ntfs_get_ea() will return 0 if no info and this can happend quite
easily in my eyes.
Here's snippets
ntfs_read_ea()
{
attr_info =
ni_find_attr(ni, NULL, &le, ATTR_EA_INFO, NULL, 0, NULL, NULL);
attr_ea =
ni_find_attr(ni, attr_info, &le, ATTR_EA, NULL, 0, NULL, NULL);
if (!attr_ea || !attr_info)
return 0;
}
ntfs_get_ea()
{
len = 0;
err = ntfs_read_ea(ni, &ea_all, 0, &info);
if (err)
goto out;
if (!info)
goto out;
out:
return err ? err : len;
}
>
> fs/ntfs3/xattr.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/fs/ntfs3/xattr.c b/fs/ntfs3/xattr.c
> index 9239c388050e..e8ed38d0c4c9 100644
> --- a/fs/ntfs3/xattr.c
> +++ b/fs/ntfs3/xattr.c
> @@ -521,7 +521,7 @@ static struct posix_acl *ntfs_get_acl_ex(struct user_namespace *mnt_userns,
> ni_unlock(ni);
>
> /* Translate extended attribute to acl */
> - if (err > 0) {
> + if (err >= 0) {
So now if err (size) is 0 it will try to get acl. Didn't you just say
that you want to return PTR_ERR(-EINVAL)?
So overall good finding but maybe more work is needed with this one.
> acl = posix_acl_from_xattr(mnt_userns, buf, err);
> if (!IS_ERR(acl))
> set_cached_acl(inode, type, acl);
> --
> 2.20.1
>
>
Powered by blists - more mailing lists