lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CAOKbgA44BW824W_OqL8LO1FcaWdomrsYsr-kMHSj3cV1daJ4fg@mail.gmail.com>
Date:   Wed, 1 Sep 2021 21:47:12 +0700
From:   Dmitry Kadashev <dkadashev@...il.com>
To:     Christoph Hellwig <hch@...radead.org>
Cc:     Stephen Brennan <stephen.s.brennan@...cle.com>,
        Alexander Viro <viro@...iv.linux.org.uk>,
        Jens Axboe <axboe@...nel.dk>,
        linux-fsdevel <linux-fsdevel@...r.kernel.org>,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] namei: Fix use after free in kern_path_locked

On Wed, Sep 1, 2021 at 4:13 PM Christoph Hellwig <hch@...radead.org> wrote:
>
> On Wed, Sep 01, 2021 at 02:35:08PM +0700, Dmitry Kadashev wrote:
> > Ouch. Thanks for taking care of this, Stephen. I guess
> > filename_parentat() should be killed, since kern_path_locked() was the
> > only place it's used in and it always results in danging "last",
> > provoking bugs just like this one. I can send a patch on top of this if
> > you prefer.
>
> Yes.  And then rename __filename_parentat to filename_parentat, please.

I see why you want it to be renamed - and I'll send the patch.  The only
problem I have with the rename is with __filename_parentat() there is a
nice uniformity: filename_* functions consume the passed name, and
__filename_* do not. So maybe it's something nice to have. Maybe not.

Anyway, as I've mentioned, I'll send the patch and it can be either
picked up or ignored.

-- 
Dmitry

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ