lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <87edcu9co6.fsf@suse.de>
Date: Fri, 01 Mar 2024 15:47:37 +0000
From: Luis Henriques <lhenriques@...e.de>
To: Christian Brauner <brauner@...nel.org>
Cc: Theodore Ts'o <tytso@....edu>,  Andreas Dilger
 <adilger.kernel@...ger.ca>,  Alexander Viro <viro@...iv.linux.org.uk>,
  Jan Kara <jack@...e.cz>,  Miklos Szeredi <miklos@...redi.hu>,  Amir
 Goldstein <amir73il@...il.com>,  linux-ext4@...r.kernel.org,
  linux-fsdevel@...r.kernel.org,  linux-unionfs@...r.kernel.org,
  linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/3] ext4: fix mount parameters check for empty values

Christian Brauner <brauner@...nel.org> writes:

> On Thu, Feb 29, 2024 at 04:30:09PM +0000, Luis Henriques wrote:
>> Now that parameters that have the flag 'fs_param_can_be_empty' set and
>> their value is NULL are handled as 'flag' type, we need to properly check
>> for empty (NULL) values.
>> 
>> Signed-off-by: Luis Henriques <lhenriques@...e.de>
>> ---
>>  fs/ext4/super.c | 4 ++--
>>  1 file changed, 2 insertions(+), 2 deletions(-)
>> 
>> diff --git a/fs/ext4/super.c b/fs/ext4/super.c
>> index 0f931d0c227d..44ba2212dfb3 100644
>> --- a/fs/ext4/super.c
>> +++ b/fs/ext4/super.c
>> @@ -2183,12 +2183,12 @@ static int ext4_parse_param(struct fs_context *fc, struct fs_parameter *param)
>>  	switch (token) {
>>  #ifdef CONFIG_QUOTA
>>  	case Opt_usrjquota:
>> -		if (!*param->string)
>> +		if (!param->string)
>>  			return unnote_qf_name(fc, USRQUOTA);
>
> I fail to understand how that can happen. Currently both of these
> options are parsed as strings via:
>
> #define fsparam_string_empty(NAME, OPT) \
>         __fsparam(fs_param_is_string, NAME, OPT, fs_param_can_be_empty, NULL)
>
>
> So if someone sets fsconfig(..., FSCONFIG_SET_STRING, "usrquota", NULL, ..)
> we give an immediate
>
>         case FSCONFIG_SET_STRING:
>                 if (!_key || !_value || aux) return -EINVAL;
>
> from fsconfig() so we know that param->string cannot be NULL. If that
> were the case we'd NULL deref in fs_param_is_string():
>
> int fs_param_is_string(struct p_log *log, const struct fs_parameter_spec *p,
>                        struct fs_parameter *param, struct fs_parse_result *result)
> {
>         if (param->type != fs_value_is_string ||
>             (!*param->string && !(p->flags & fs_param_can_be_empty)))
>
> So you're check above seems wrong. If I'm mistaken, please explain, how
> this can happen in detail.

I hope my reply to the previous patch helps clarifying this issue (which
is quite confusing, and I'm probably  the confused one!).  To summarize,
fsconfig() will (or can) get this parameter as a flag, not as string.

Cheers,
-- 
Luís

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ