On Tue, 12 Jul 2011 17:47:56 +0530 Suresh Jayaraman <sjayaraman@xxxxxxx> wrote:

> On 07/12/2011 05:23 PM, Jeff Layton wrote:
> > This patch is mostly the same as the original. The only difference is
> > that it also attempts an ftruncate if the addmntent call fails.
> >
> > It's possible that when mount.cifs goes to append the mtab that there
> > won't be enough space to do so, and the mntent won't be appended to the
> > file in its entirety.
> >
> > Add a my_endmntent routine that will fflush and then fsync the FILE if
> > that succeeds. If either fails then it will truncate the file back to
> > its provided size. It will then call endmntent unconditionally.
> >
> > Have add_mtab call fstat on the opened mtab file in order to get the
> > size of the file before it has been appended. Assuming that that
> > succeeds, use my_endmntent to ensure that the file is not corrupted
> > before closing it. It's possible that we'll have a small race window
> > where the mtab is incorrect, but it should be quickly corrected.
> >
> > This was reported some time ago as CVE-2011-1678:
> >
> > http://openwall.com/lists/oss-security/2011/03/04/9
> >
> > ...and it seems to fix the reproducer that I was able to come up with.
> >
> > Signed-off-by: Jeff Layton <jlayton@xxxxxxxxx>
> > ---
> >  mount.cifs.c | 27 +++++++++++++++++++++++++--
> >  mount.h      |  1 +
> >  mtab.c       | 27 +++++++++++++++++++++++++++
> >  3 files changed, 53 insertions(+), 2 deletions(-)
> >
>
> Looks good to me.
>
> Reviewed-by: Suresh Jayaraman <sjayaraman@xxxxxxx>
>

Thanks -- patch committed...

--
Jeff Layton <jlayton@xxxxxxxxx>
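The fstat / addmntent / fflush / fsync / ftruncate sequence that the quoted patch description lays out, as an added C example reconstructed from that description rather than the committed cifs-utils code. The names rollback_append and append_mtab_entry, the 0/-1 return convention and the errno handling are assumptions of this example; the real mtab is never touched here.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <mntent.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Roll the file back to its pre-append length so no partial entry survives. */
static int rollback_append(int fd, off_t size)
{
    return ftruncate(fd, size) == 0 ? 0 : -1;
}

/* fflush, then fsync; if either fails, truncate back to `size` (the length
 * recorded before appending). endmntent() runs unconditionally.
 * Returns 0 on success, -1 on failure with the failing call's errno kept. */
static int my_endmntent(FILE *stream, off_t size)
{
    int fd = fileno(stream);
    int rc = fflush(stream);
    if (rc == 0)
        rc = fsync(fd);
    if (rc != 0) {
        int saved = errno;
        rollback_append(fd, size);   /* best effort; a disk-full mtab must not keep a torn line */
        errno = saved;
    }
    endmntent(stream);
    return rc == 0 ? 0 : -1;
}

/* Append one entry the way the described add_mtab does: fstat for the old
 * size first, addmntent, then commit or roll back (also if addmntent fails). */
static int append_mtab_entry(const char *path, const struct mntent *ent)
{
    struct stat st;
    FILE *fp = setmntent(path, "a+");
    if (fp == NULL || fstat(fileno(fp), &st) != 0) {
        if (fp)
            endmntent(fp);
        return -1;
    }
    if (addmntent(fp, ent) != 0) {
        my_endmntent(fp, st.st_size);   /* truncates the partial entry away */
        return -1;
    }
    return my_endmntent(fp, st.st_size);
}
```

The only window left is between addmntent writing and fsync completing, which matches the "small race window" the description accepts.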