lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20250612151851.GD4037@suse.cz>
Date: Thu, 12 Jun 2025 17:18:51 +0200
From: David Sterba <dsterba@...e.cz>
To: Daniel Vacek <neelx@...e.com>
Cc: Chris Mason <clm@...com>, Josef Bacik <josef@...icpanda.com>,
	David Sterba <dsterba@...e.com>, Nick Terrell <terrelln@...com>,
	linux-btrfs@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3 2/2] btrfs: harden parsing of compress mount options

On Thu, Jun 12, 2025 at 03:29:21PM +0200, Daniel Vacek wrote:
> On Mon, 2 Jun 2025 at 19:29, David Sterba <dsterba@...e.cz> wrote:
> >
> > On Mon, Jun 02, 2025 at 05:53:19PM +0200, Daniel Vacek wrote:
> > > Btrfs happily but incorrectly accepts the `-o compress=zlib+foo` and similar
> > > options with any random suffix.
> > >
> > > Fix that by explicitly checking the end of the strings.
> > >
> > > Signed-off-by: Daniel Vacek <neelx@...e.com>
> > > ---
> > > v3 changes: Split into two patches to ease backporting,
> > >             no functional changes.
> > >
> > >  fs/btrfs/super.c | 26 +++++++++++++++++++-------
> > >  1 file changed, 19 insertions(+), 7 deletions(-)
> > >
> > > diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c
> > > index 6291ab45ab2a5..4510c5f7a785e 100644
> > > --- a/fs/btrfs/super.c
> > > +++ b/fs/btrfs/super.c
> > > @@ -270,9 +270,20 @@ static inline blk_mode_t btrfs_open_mode(struct fs_context *fc)
> > >       return sb_open_mode(fc->sb_flags) & ~BLK_OPEN_RESTRICT_WRITES;
> > >  }
> > >
> > > +static bool btrfs_match_compress_type(char *string, char *type, bool may_have_level)
> >
> > const also here, string, type
> >
> > > +{
> > > +     int len = strlen(type);
> > > +
> > > +     return strncmp(string, type, len) == 0 &&
> > > +             ((may_have_level && string[len] == ':') ||
> > > +                                 string[len] == '\0');
> > > +}
> > > +
> > >  static int btrfs_parse_compress(struct btrfs_fs_context *ctx,
> > >                               struct fs_parameter *param, int opt)
> > >  {
> > > +     char *string = param->string;
> >
> > and here
> 
> Can be done at merge time. Or do you want a re-send?

No resend needed, I updated the patch in for-next. This was to let you
know so that I don't need to fix it in future patches.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ