lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAHC9VhQ-f-n+0g29MpBB3_om-e=vDqSC3h+Vn_XzpK2zpqamdQ@mail.gmail.com>
Date: Thu, 5 Jun 2025 17:40:06 -0400
From: Paul Moore <paul@...l-moore.com>
To: Stephen Smalley <stephen.smalley.work@...il.com>
Cc: brauner@...nel.org, linux-fsdevel@...r.kerne.org, 
	linux-kernel@...r.kernel.org, selinux@...r.kernel.org, collin.funk1@...il.com, 
	eggert@...ucla.edu, bug-gnulib@....org
Subject: Re: [PATCH] fs/xattr.c: fix simple_xattr_list()

On Thu, Jun 5, 2025 at 12:49 PM Stephen Smalley
<stephen.smalley.work@...il.com> wrote:
>
> commit 8b0ba61df5a1 ("fs/xattr.c: fix simple_xattr_list to always
> include security.* xattrs") failed to reset err after the call to
> security_inode_listsecurity(), which returns the length of the
> returned xattr name. This results in simple_xattr_list() incorrectly
> returning this length even if a POSIX acl is also set on the inode.
>
> Reported-by: Collin Funk <collin.funk1@...il.com>
> Closes: https://lore.kernel.org/selinux/8734ceal7q.fsf@gmail.com/
> Reported-by: Paul Eggert <eggert@...ucla.edu>
> Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2369561
> Fixes: 8b0ba61df5a1 ("fs/xattr.c: fix simple_xattr_list to always include security.* xattrs")
>
> Signed-off-by: Stephen Smalley <stephen.smalley.work@...il.com>
> ---
>  fs/xattr.c | 1 +
>  1 file changed, 1 insertion(+)

Reviewed-by: Paul Moore <paul@...l-moore.com>

> diff --git a/fs/xattr.c b/fs/xattr.c
> index 8ec5b0204bfd..600ae97969cf 100644
> --- a/fs/xattr.c
> +++ b/fs/xattr.c
> @@ -1479,6 +1479,7 @@ ssize_t simple_xattr_list(struct inode *inode, struct simple_xattrs *xattrs,
>                 buffer += err;
>         }
>         remaining_size -= err;
> +       err = 0;
>
>         read_lock(&xattrs->lock);
>         for (rbp = rb_first(&xattrs->rb_root); rbp; rbp = rb_next(rbp)) {
> --
> 2.49.0

-- 
paul-moore.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ