The patch titled
gen_init_cpio: avoid risk of file changing between calls to stat() and open()
has been added to the -mm tree. Its filename is
gen_init_cpio-avoid-risk-of-file-changing-between-calls-to-stat-and-open.patch
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/SubmitChecklist when testing your code ***
See http://userweb.kernel.org/~akpm/stuff/added-to-mm.txt to find
out what to do about this
The current -mm tree may be found at http://userweb.kernel.org/~akpm/mmotm/
------------------------------------------------------
Subject: gen_init_cpio: avoid risk of file changing between calls to stat() and open()
From: Jesper Juhl <jj@xxxxxxxxxxxxx>
In usr/gen_init_cpio.c::cpio_mkfile() a call to stat() is made based on
pathname, subsequently the file is open()'ed and then the value of the
initial stat() call is used to allocate a buffer. This is not safe since
the file may change between the call to stat() and the call to open().
Safer to just open() the file and then do fstat() using the filedescriptor
returned by open.
Signed-off-by: Jesper Juhl <jj@xxxxxxxxxxxxx>
Acked-by: Jeff Garzik <jgarzik@xxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
usr/gen_init_cpio.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff -puN usr/gen_init_cpio.c~gen_init_cpio-avoid-risk-of-file-changing-between-calls-to-stat-and-open usr/gen_init_cpio.c
--- a/usr/gen_init_cpio.c~gen_init_cpio-avoid-risk-of-file-changing-between-calls-to-stat-and-open
+++ a/usr/gen_init_cpio.c
@@ -309,18 +309,18 @@ static int cpio_mkfile(const char *name,
mode |= S_IFREG;
- retval = stat (location, &buf);
- if (retval) {
- fprintf (stderr, "File %s could not be located\n", location);
- goto error;
- }
-
file = open (location, O_RDONLY);
if (file < 0) {
fprintf (stderr, "File %s could not be opened for reading\n", location);
goto error;
}
+ retval = fstat (file, &buf);
+ if (retval) {
+ fprintf (stderr, "File %s could not be stat()'ed\n", location);
+ goto error;
+ }
+
filebuf = malloc(buf.st_size);
if (!filebuf) {
fprintf (stderr, "out of memory\n");
_
Patches currently in -mm which might be from jj@xxxxxxxxxxxxx are
origin.patch
linux-next.patch
mm-hugetlbc-fix-error-path-memory-leak-in-nr_hugepages_store_common.patch
mm-hugetlbc-fix-error-path-memory-leak-in-nr_hugepages_store_common-fix.patch
gen_init_cpio-avoid-risk-of-file-changing-between-calls-to-stat-and-open.patch
memcg-use-zalloc-rather-than-mallocmemset.patch
--
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
