| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20260123073037.4164303-1-wangqing7171@gmail.com>
Date: Fri, 23 Jan 2026 15:30:37 +0800
From: Qing Wang <wangqing7171@...il.com>
To: ebiggers@...nel.org,
tytso@....edu,
jaegeuk@...nel.org
Cc: linux-fscrypt@...r.kernel.org,
linux-kernel@...r.kernel.org,
Qing Wang <wangqing7171@...il.com>,
syzbot+d130f98b2c265fae5297@...kaller.appspotmail.com
Subject: [PATCH] fscrypt: Fix uninit-value in ovl_fill_real
Syzbot reported a KMSAN uninit-value issue in ovl_fill_real and it was
allocated from fscrypt_fname_alloc_buffer. Fixed it by kzalloc.
The call chain is:
__do_sys_getdents64()
-> iterate_dir()
...
-> ext4_readdir()
-> fscrypt_fname_alloc_buffer() // alloc
-> dir_emit()
-> ovl_fill_real() // use by strcmp()
Reported-by: syzbot+d130f98b2c265fae5297@...kaller.appspotmail.com
Close: https://syzkaller.appspot.com/bug?extid=d130f98b2c265fae5297
Signed-off-by: Qing Wang <wangqing7171@...il.com>
---
fs/crypto/fname.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/crypto/fname.c b/fs/crypto/fname.c
index a9a4432d12ba..ba8282b96a2e 100644
--- a/fs/crypto/fname.c
+++ b/fs/crypto/fname.c
@@ -220,7 +220,7 @@ int fscrypt_fname_alloc_buffer(u32 max_encrypted_len,
u32 max_presented_len = max_t(u32, FSCRYPT_NOKEY_NAME_MAX_ENCODED,
max_encrypted_len);
- crypto_str->name = kmalloc(max_presented_len + 1, GFP_NOFS);
+ crypto_str->name = kzalloc(max_presented_len + 1, GFP_NOFS);
if (!crypto_str->name)
return -ENOMEM;
crypto_str->len = max_presented_len;
--
2.34.1
Powered by blists - more mailing lists