[PATCH v3 0/2] vfs: fix a mount table handling problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Whenever a mount has an empty "source" (aka mnt_fsname), the glibc
function getmntent incorrectly parses its input, resulting in reporting
incorrect data to the caller.

The problem is that the get_mnt_entry() function in glibc's
misc/mntent_r.c assumes that leading whitespace on a line can always
be discarded because it will always be followed by a # for the case
of a comment or a non-whitespace character that's part of the value
of the first field. However, this assumption is violated when the
value of the first field is an empty string.

This is fixed in the mount API code by simply checking for a pointer
that contains a NULL and treating it as a NULL pointer.

Changes:

v3: added patch to fix zero length string access violation caused after
    fs parser patch is applied.

v2: fix possible oops if conversion functions such as fs_param_is_u32()
    are called.

Signed-off-by: Ian Kent <raven@xxxxxxxxxx>
---

Ian Kent (2):
      ext4: fix possible null pointer dereference
      vfs: parse: deal with zero length string value


 fs/ext4/super.c            |  4 ++--
 fs/fs_context.c            | 17 ++++++++++++-----
 fs/fs_parser.c             | 16 ++++++++++++++++
 include/linux/fs_context.h |  3 ++-
 4 files changed, 32 insertions(+), 8 deletions(-)

--
Ian




[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [NTFS 3]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [NTFS 3]     [Samba]     [Device Mapper]     [CEPH Development]

  Powered by Linux