| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <tencent_55ACA45C1762977206C3B376C36BA96B8305@qq.com> Date: Wed, 14 May 2025 06:39:40 +0800 From: Edward Adam Davis <eadavis@...com> To: syzbot+321477fad98ea6dd35b7@...kaller.appspotmail.com Cc: brauner@...nel.org, jack@...e.cz, linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org, syzkaller-bugs@...glegroups.com, viro@...iv.linux.org.uk Subject: [PATCH] fs: Additional checks on new and old dir In the reproducer, when calling renameat2(), olddirfd and newdirfd passed are the same value r0, see [1]. This situation should be avoided. [1] renameat2(r0, &(0x7f0000000240)='./bus/file0\x00', r0, &(0x7f00000001c0)='./file0\x00', 0x0) Reported-by: syzbot+321477fad98ea6dd35b7@...kaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=321477fad98ea6dd35b7 Tested-by: syzbot+321477fad98ea6dd35b7@...kaller.appspotmail.com Signed-off-by: Edward Adam Davis <eadavis@...com> --- fs/namei.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/namei.c b/fs/namei.c index 84a0e0b0111c..ff843007ca94 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -5013,7 +5013,7 @@ int vfs_rename(struct renamedata *rd) struct name_snapshot old_name; bool lock_old_subdir, lock_new_subdir; - if (source == target) + if (source == target || old_dir == target) return 0; error = may_delete(rd->old_mnt_idmap, old_dir, old_dentry, is_dir); -- 2.43.0
Powered by blists - more mailing lists