| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 24 Oct 2022 00:39:41 +0800
From: Hawkins Jiawei <yin31149@...il.com>
To: yin31149@...il.com
Cc: 18801353760@....com, linux-kernel@...r.kernel.org,
linux-fsdevel@...r.kernel.org
Subject: [PATCH -next 0/5] fs: fix possible null-ptr-deref when parsing param
According to commit "vfs: parse: deal with zero length string value",
kernel will set the param->string to null pointer in vfs_parse_fs_string()
if fs string has zero length.
Yet the problem is that, when fs parses its mount parameters, it will
dereferences the param->string, without checking whether it is a
null pointer, which may trigger a null-ptr-deref bug.
So this patchset reviews all functions for fs to parse parameters,
by using `git grep -n "\.parse_param" fs/*`, and adds sanity check
on param->string if its function will dereference param->string
without check.
Hawkins Jiawei (5):
smb3: fix possible null-ptr-deref when parsing param
nfs: fix possible null-ptr-deref when parsing param
ceph: fix possible null-ptr-deref when parsing param
gfs2: fix possible null-ptr-deref when parsing param
proc: fix possible null-ptr-deref when parsing param
fs/ceph/super.c | 3 +++
fs/cifs/fs_context.c | 58 +++++++++++++++++++++++++++++++++++++++++++-
fs/gfs2/ops_fstype.c | 10 ++++++++
fs/nfs/fs_context.c | 6 +++++
fs/proc/root.c | 3 +++
5 files changed, 79 insertions(+), 1 deletion(-)
--
2.25.1
Powered by blists - more mailing lists