Message-Id: <20220628055949.566089-1-dzm91@hust.edu.cn>
Date:   Tue, 28 Jun 2022 13:59:48 +0800
From:   Dongliang Mu <dzm91@...t.edu.cn>
To:     Bob Peterson <rpeterso@...hat.com>,
        Andreas Gruenbacher <agruenba@...hat.com>,
        Steven Whitehouse <swhiteho@...hat.com>,
        Jean Delvare <khali@...ux-fr.org>
Cc:     Dongliang Mu <mudongliangabcd@...il.com>,
        syzkaller <syzkaller@...glegroups.com>, cluster-devel@...hat.com,
        linux-kernel@...r.kernel.org
Subject: [PATCH] gfs2: fix overread in the strlcpy of init_names

From: Dongliang Mu <mudongliangabcd@...il.com>

In init_names, strlcpy will overread the src string as the src string is
less than GFS2_FSNAME_LEN(256).

Fix this by modifying strlcpy back to snprintf, reverting
the commit 00377d8e3842.

Fixes: 00377d8e3842 ("[GFS2] Prefer strlcpy() over snprintf()")
Reported-by: syzkaller <syzkaller@...glegroups.com>
Signed-off-by: Dongliang Mu <mudongliangabcd@...il.com>
---
 fs/gfs2/ops_fstype.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/gfs2/ops_fstype.c b/fs/gfs2/ops_fstype.c
index c9b423c874a3..ee29b50d39b9 100644
--- a/fs/gfs2/ops_fstype.c
+++ b/fs/gfs2/ops_fstype.c
@@ -383,8 +383,8 @@ static int init_names(struct gfs2_sbd *sdp, int silent)
 	if (!table[0])
 		table = sdp->sd_vfs->s_id;
 
-	strlcpy(sdp->sd_proto_name, proto, GFS2_FSNAME_LEN);
-	strlcpy(sdp->sd_table_name, table, GFS2_FSNAME_LEN);
+	snprintf(sdp->sd_proto_name, GFS2_FSNAME_LEN, "%s", proto);
+	snprintf(sdp->sd_table_name, GFS2_FSNAME_LEN, "%s", table);
 
 	table = sdp->sd_table_name;
 	while ((table = strchr(table, '/')))
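Review bot: The two added snprintf() calls use "%s" with no precision, so they still read proto and table up to their NUL terminator, exactly as strlcpy() does through strlen(). GFS2_FSNAME_LEN limits only what is written into sd_proto_name and sd_table_name, so a source shorter than 256 bytes is not overread by either form unless it lacks a terminator, and in that case this change does not bound the read either. Please state in the commit message which source is unterminated (proto, or table when it comes from sdp->sd_vfs->s_id) and how large it really is, then either terminate it where it is filled in or cap the read with a precision, for example "%.*s" with the source's actual size. The snprintf() return value is also unchecked, so truncation at GFS2_FSNAME_LEN would pass silently.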
-- 
2.35.1
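
The overread named in the commit message, modelled in user-space C as an added example (not code from the patch or from the kernel): a strlcpy-style copy measures its source with strlen(), while a hypothetical source-bounded helper stops at the field width. The record contents, FIELD_LEN, DST_LEN and the function names are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_LEN 8   /* constructed: width of the fixed-size source field */
#define DST_LEN   16  /* constructed: stands in for GFS2_FSNAME_LEN */

/* Constructed record: an 8-byte field with no NUL inside it, followed by
 * neighbouring bytes in the same array so reads past the field stay defined. */
static const char record[] = "fsname01NEIGHBOUR";

/* Shared tail of both copies: store at most size-1 bytes plus a NUL. */
static void store(char *dst, size_t size, const char *src, size_t n)
{
    if (!size)
        return;
    n = (n >= size) ? size - 1 : n;
    memcpy(dst, src, n);
    dst[n] = '\0';
}

/* strlcpy-style copy: src is measured with strlen(), so the bytes read depend
 * only on where its NUL is. Returns source bytes examined, not strlcpy's value. */
static size_t model_strlcpy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    store(dst, size, src, len);
    return len + 1;                      /* up to and including the NUL */
}

/* Hypothetical helper: bounded on the source side too, it never examines
 * more than src_max bytes of src. Returns source bytes examined. */
static size_t copy_src_bounded(char *dst, size_t size, const char *src, size_t src_max)
{
    const char *nul = memchr(src, '\0', src_max);
    size_t n = nul ? (size_t)(nul - src) : src_max;
    store(dst, size, src, n);
    return nul ? n + 1 : src_max;
}

int main(void)
{
    char a[DST_LEN], b[DST_LEN];
    size_t ra = model_strlcpy(a, record, DST_LEN);
    size_t rb = copy_src_bounded(b, DST_LEN, record, FIELD_LEN);
    printf("strlcpy-style: examined %zu of %d, dst=\"%s\"\n", ra, FIELD_LEN, a);
    printf("src-bounded:   examined %zu of %d, dst=\"%s\"\n", rb, FIELD_LEN, b);
    return 0;
}
```

The strlcpy-style copy both reads past the field and carries the neighbouring bytes into the destination; the destination size argument never limits how far the source is scanned.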
