Upon file deletion, zero out all fields in ext4_dir_entry2 besides inode and rec_len. In case sensitive data is stored in filenames, this ensures no potentially sensitive data is left in the directory entry upon deletion. Also, wipe these fields upon moving a directory entry during the conversion to an htree and when splitting htree nodes.
Signed-off-by: Leah Rumancik <leah.rumancik@xxxxxxxxx>
---
 fs/ext4/namei.c | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c
index 883e2a7cd4ab..df7809a4821f 100644
--- a/fs/ext4/namei.c
+++ b/fs/ext4/namei.c
@@ -1778,6 +1778,11 @@ dx_move_dirents(char *from, char *to, struct dx_map_entry *map, int count,
 ((struct ext4_dir_entry_2 *) to)->rec_len = ext4_rec_len_to_disk(rec_len, blocksize);
 de->inode = 0;
+
+ /* wipe name_len through and name field */
+ memset(&de->name_len, 0, ext4_rec_len_from_disk(de->rec_len,
+ blocksize) - 6);
+
 map++;
 to += rec_len;
 }
@@ -2102,6 +2107,7 @@ static int make_indexed_dir(handle_t *handle, struct ext4_filename *fname,
 data2 = bh2->b_data;
 memcpy(data2, de, len);
+ memset(de, 0, len); /* wipe old data */
 de = (struct ext4_dir_entry_2 *) data2;
 top = data2 + len;
 while ((char *)(de2 = ext4_next_entry(de, blocksize)) < top)
@@ -2492,6 +2498,11 @@ int ext4_generic_delete_entry(struct inode *dir,
 else
 de->inode = 0;
 inode_inc_iversion(dir);
+
+ /* wipe name_len through name field */
+ memset(&de->name_len, 0,
+ ext4_rec_len_from_disk(de->rec_len, blocksize) - 6);
+
 return 0;
 }
 i += ext4_rec_len_from_disk(de->rec_len, blocksize);
--
2.31.1.368.gbe11c130af-goog
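Review bot: The literal `6` in the added `memset` length in dx_move_dirents stands for the offset of `name_len` (4-byte inode plus 2-byte rec_len) and would be safer written as `offsetof(struct ext4_dir_entry_2, name_len)`; the same literal appears in the ext4_generic_delete_entry hunk. The length is also derived from the on-disk `de->rec_len`, and the hunk does not show that value being checked at this point, so a record length below 6 or one reaching past the end of the block would turn the subtraction into an oversized write; if no earlier validation covers this entry, a bound against the block is worth adding. The comment reads `wipe name_len through and name field`, where `and` looks like a leftover word. The function body starts and ends outside the hunk.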
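Review bot: The wipe in ext4_generic_delete_entry keeps `de->inode` and `de->rec_len` even when the entry is merged into its predecessor; only the `else de->inode = 0;` arm is visible here, so this assumes the branch above the hunk extends the previous entry's rec_len over `de`. In that case the old inode number stays readable in the block after deletion and nothing needs `de->rec_len` any more, so the whole record could be cleared with `memset(de, 0, ext4_rec_len_from_disk(de->rec_len, blocksize));` in that arm, keeping the partial wipe for the `else` arm. The function starts and ends outside the hunk.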