Message-ID: <tencent_AB76B566A43C5B37A4961637CC4ABC745909@qq.com>
Date: Thu, 12 Jun 2025 23:01:30 +0800
From: Edward Adam Davis <eadavis@...com>
To: syzbot+4125590f2a9f5b3cdf43@...kaller.appspotmail.com
Cc: amir73il@...il.com,
linux-kernel@...r.kernel.org,
linux-unionfs@...r.kernel.org,
miklos@...redi.hu,
stephen.smalley.work@...il.com,
syzkaller-bugs@...glegroups.com
Subject: [PATCH] fs/xattr: reset err to 0 after get security.* xattrs
After successfully getting "security.SMACK64", err is not reset to 0, which
causes simple_xattr_list() to return 17, which is much smaller than the
actual buffer size.
After updating err to remaining_size, reset err to 0 to avoid returning an
inappropriate buffer size.
Fixes: 8b0ba61df5a1 ("fs/xattr.c: fix simple_xattr_list to always include security.* xattrs")
Reported-by: syzbot+4125590f2a9f5b3cdf43@...kaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=4125590f2a9f5b3cdf43
Tested-by: syzbot+4125590f2a9f5b3cdf43@...kaller.appspotmail.com
Signed-off-by: Edward Adam Davis <eadavis@...com>
---
fs/xattr.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/fs/xattr.c b/fs/xattr.c
index 8ec5b0204bfd..600ae97969cf 100644
--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -1479,6 +1479,7 @@ ssize_t simple_xattr_list(struct inode *inode, struct simple_xattrs *xattrs,
buffer += err;
}
remaining_size -= err;
+ err = 0;
read_lock(&xattrs->lock);
for (rbp = rb_first(&xattrs->rb_root); rbp; rbp = rb_next(rbp)) {
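Review bot: The added `err = 0;` after `remaining_size -= err;` carries no comment, and it is only needed because `err` does double duty in this hunk: it is the byte count consumed by `buffer += err;` and, per the commit message, also the value that ends up being returned. A one-line comment on the reset, or a separate local for the length of the security.* names so that `err` only ever holds an error code, would keep a later edit from reintroducing the stale positive value (the return of 17 described above). The commit message also says err is updated "to remaining_size", while the visible line subtracts err from remaining_size; rewording that sentence would make the changelog match the code.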
--
2.43.0