lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20251121-aheev-uninitialized-free-attr-overlayfs-v3-1-346f631a9c37@gmail.com>
Date: Fri, 21 Nov 2025 13:21:09 +0530
From: Ally Heev <allyheev@...il.com>
To: Miklos Szeredi <miklos@...redi.hu>, Amir Goldstein <amir73il@...il.com>, 
 Christian Brauner <brauner@...nel.org>
Cc: linux-unionfs@...r.kernel.org, linux-kernel@...r.kernel.org, 
 Dan Carpenter <dan.carpenter@...aro.org>, Ally Heev <allyheev@...il.com>
Subject: [PATCH v3] overlayfs: fix uninitialized pointers with free
 attribute

Uninitialized pointers with `__free` attribute can cause undefined
behavior as the memory assigned randomly to the pointer is freed
automatically when the pointer goes out of scope.

overlayfs doesn't have any bugs related to this as of now, but
it is better to initialize and assign pointers with `__free` attribute
in one statement to ensure proper scope-based cleanup

Reported-by: Dan Carpenter <dan.carpenter@...aro.org>
Closes: https://lore.kernel.org/all/aPiG_F5EBQUjZqsl@stanley.mountain/
Acked-by: Amir Goldstein <amir73il@...il.com>
Signed-off-by: Ally Heev <allyheev@...il.com>
---
Changes in v3:
- reverted to v1
- Link to v2: https://lore.kernel.org/r/20251115-aheev-uninitialized-free-attr-overlayfs-v2-1-815a48767340@gmail.com

Changes in v2:
- moved the variable initialization to the top
- Link to v1: https://lore.kernel.org/r/20251105-aheev-uninitialized-free-attr-overlayfs-v1-1-6ae4624655db@gmail.com
---
 fs/overlayfs/params.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/overlayfs/params.c b/fs/overlayfs/params.c
index 63b7346c5ee1c127a9c33b12c3704aa035ff88cf..59445b53b5b88893ef7923128da99cd1934bdc6c 100644
--- a/fs/overlayfs/params.c
+++ b/fs/overlayfs/params.c
@@ -448,10 +448,10 @@ static int ovl_parse_layer(struct fs_context *fc, struct fs_parameter *param,
 		err = ovl_do_parse_layer(fc, param->string, &layer_path, layer);
 		break;
 	case fs_value_is_file: {
-		char *buf __free(kfree);
 		char *layer_name;
 
-		buf = kmalloc(PATH_MAX, GFP_KERNEL_ACCOUNT);
+		char *buf __free(kfree) = kmalloc(PATH_MAX, GFP_KERNEL_ACCOUNT);
+
 		if (!buf)
 			return -ENOMEM;
 

---
base-commit: c9cfc122f03711a5124b4aafab3211cf4d35a2ac
change-id: 20251105-aheev-uninitialized-free-attr-overlayfs-6873964429e0

Best regards,
-- 
Ally Heev <allyheev@...il.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ