commit a122eb2fdfd78b58c6dd992d6f4b1aaef667eef9 · tjh.dev/kernel

tjh.dev / kernel

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

xfs: prevent reading uninitialized stack memory

The XFS_IOC_FSGETXATTR ioctl allows unprivileged users to read 12
bytes of uninitialized stack memory, because the fsxattr struct
declared on the stack in xfs_ioc_fsgetxattr() does not alter (or zero)
the 12-byte fsx_pad member before copying it back to the user. This
patch takes care of it.

Signed-off-by: Dan Rosenberg <dan.j.rosenberg@gmail.com>
Reviewed-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Alex Elder <aelder@sgi.com>

authored by Dan Rosenberg and committed by Alex Elder 15 years ago a122eb2f cc491e27

1 changed file

expand all

unified split

xfs

linux-2.6

xfs_ioctl.c

fs/xfs/linux-2.6/xfs_ioctl.c

··· 785 785 { 786 786 struct fsxattr fa; 787 787 788 + memset(&fa, 0, sizeof(struct fsxattr)); 789 + 788 790 xfs_ilock(ip, XFS_ILOCK_SHARED); 789 791 fa.fsx_xflags = xfs_ip2xflags(ip); 790 792 fa.fsx_extsize = ip->i_d.di_extsize << ip->i_mount->m_sb.sb_blocklog;