| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250716143848.14713-1-antonio@mandelbit.com>
Date: Wed, 16 Jul 2025 16:38:48 +0200
From: Antonio Quartulli <antonio@...delbit.com>
To: linux-nfs@...r.kernel.org
Cc: Antonio Quartulli <antonio@...delbit.com>,
Trond Myklebust <trondmy@...nel.org>,
Anna Schumaker <anna@...nel.org>,
Sergey Bashirov <sergeybashirov@...il.com>,
Konstantin Evtushenko <koevtushenko@...dex.com>,
linux-kernel@...r.kernel.org
Subject: [PATCH] pNFS: fix uninitialized pointer access
In ext_tree_encode_commit() if no block extent is encoded due to lack
of buffer space, ret is set to -ENOSPC and we end up accessing be_prev
despite it being uninitialized.
Fix this behaviour by bailing out right away when no extent is encoded.
Fixes: d84c4754f874 ("pNFS: Fix extent encoding in block/scsi layout")
Addresses-Coverity-ID: 1647611 ("Memory - illegal accesses (UNINIT)")
Signed-off-by: Antonio Quartulli <antonio@...delbit.com>
---
fs/nfs/blocklayout/extent_tree.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/fs/nfs/blocklayout/extent_tree.c b/fs/nfs/blocklayout/extent_tree.c
index 315949a7e92d..82e19205f425 100644
--- a/fs/nfs/blocklayout/extent_tree.c
+++ b/fs/nfs/blocklayout/extent_tree.c
@@ -598,6 +598,11 @@ ext_tree_encode_commit(struct pnfs_block_layout *bl, __be32 *p,
if (ext_tree_layoutupdate_size(bl, *count) > buffer_size) {
(*count)--;
ret = -ENOSPC;
+ /* bail out right away if no extent was encoded */
+ if (!*count) {
+ spin_unlock(&bl->bl_ext_lock);
+ return ret;
+ }
break;
}
--
2.49.1
Powered by blists - more mailing lists