This is a note to let you know that I've just added the patch titled fuse: readdir: check for slash in names to the 3.10-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: fuse-readdir-check-for-slash-in-names.patch and it can be found in the queue-3.10 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From efeb9e60d48f7778fdcad4a0f3ad9ea9b19e5dfd Mon Sep 17 00:00:00 2001 From: Miklos Szeredi <mszeredi@xxxxxxx> Date: Tue, 3 Sep 2013 14:28:38 +0200 Subject: fuse: readdir: check for slash in names From: Miklos Szeredi <mszeredi@xxxxxxx> commit efeb9e60d48f7778fdcad4a0f3ad9ea9b19e5dfd upstream. Userspace can add names containing a slash character to the directory listing. Don't allow this as it could cause all sorts of trouble. Signed-off-by: Miklos Szeredi <mszeredi@xxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- fs/fuse/dir.c | 4 ++++ 1 file changed, 4 insertions(+) --- a/fs/fuse/dir.c +++ b/fs/fuse/dir.c @@ -1175,6 +1175,8 @@ static int parse_dirfile(char *buf, size return -EIO; if (reclen > nbytes) break; + if (memchr(dirent->name, '/', dirent->namelen) != NULL) + return -EIO; over = filldir(dstbuf, dirent->name, dirent->namelen, file->f_pos, dirent->ino, dirent->type); @@ -1323,6 +1325,8 @@ static int parse_dirplusfile(char *buf, return -EIO; if (reclen > nbytes) break; + if (memchr(dirent->name, '/', dirent->namelen) != NULL) + return -EIO; if (!over) { /* We fill entries into dstbuf only as much as Patches currently in stable-queue which might be from mszeredi@xxxxxxx are queue-3.10/fuse-invalidate-inode-attributes-on-xattr-modification.patch queue-3.10/fuse-readdir-check-for-slash-in-names.patch queue-3.10/fuse-postpone-end_page_writeback-in-fuse_writepage_locked.patch queue-3.10/fuse-hotfix-truncate_pagecache-issue.patch -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html