Message-ID: <k53rd76iiguxb6prfmkqfnlfmkjjdzjvzc6uo7eppjc2t4ssdf@2q7pmj7sstml>
Date: Fri, 27 Sep 2024 00:10:02 -0700
From: Leo Stone <leocstone@...il.com>
To: syzbot+d9efec94dcbfa0de1c07@...kaller.appspotmail.com
Cc: amir73il@...il.com, linux-kernel@...r.kernel.org, 
	linux-unionfs@...r.kernel.org, miklos@...redi.hu, syzkaller-bugs@...glegroups.com, 
	skhan@...uxfoundation.org, anupnewsmail@...il.com
Subject: Re: [syzbot] [overlayfs?] general protection fault in ovl_llseek

Add a check to avoid using an invalid pointer if ovl_open_realfile fails.

#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c
index 2b7a5a3a7a2f..67f75eeb1e51 100644
--- a/fs/overlayfs/file.c
+++ b/fs/overlayfs/file.c
@@ -117,7 +117,11 @@ static int ovl_real_fdget_meta(const struct file *file, struct fd *real,
                struct file *f = ovl_open_realfile(file, &realpath);
                if (IS_ERR(f))
                        return PTR_ERR(f);
-               real->word = (unsigned long)ovl_open_realfile(file, &realpath) | FDPUT_FPUT;
+               f = ovl_open_realfile(file, &realpath);
+               if (IS_ERR(f))
+                       return PTR_ERR(f);
+               real->word = (unsigned long)f;
+               real->word |= FDPUT_FPUT;
                return 0;
        }
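
Review bot: the added `f = ovl_open_realfile(file, &realpath);` reassigns the `f` that the unchanged context lines directly above have already opened and checked with IS_ERR(). The real file is therefore opened twice, and the first reference is overwritten with no fput() visible in this hunk. The unchecked pointer came from the removed line calling ovl_open_realfile() a second time. Rather than repeating that call with a check, drop the second call and its IS_ERR() test and reuse the existing `f`: `real->word = (unsigned long)f | FDPUT_FPUT;`. This removes the invalid-pointer use without the extra open. The commit message should also say that the fault came from the second, unchecked call.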


