Patch "fuse: readdir: check for slash in names" has been added to the 3.10-stable tree

<gregkh@xxxxxxxxxxxxxxxxxxx> · Tue, 24 Sep 2013 16:41:16 -0700

This is a note to let you know that I've just added the patch titled

    fuse: readdir: check for slash in names

to the 3.10-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     fuse-readdir-check-for-slash-in-names.patch
and it can be found in the queue-3.10 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From efeb9e60d48f7778fdcad4a0f3ad9ea9b19e5dfd Mon Sep 17 00:00:00 2001
From: Miklos Szeredi <mszeredi@xxxxxxx>
Date: Tue, 3 Sep 2013 14:28:38 +0200
Subject: fuse: readdir: check for slash in names

From: Miklos Szeredi <mszeredi@xxxxxxx>

commit efeb9e60d48f7778fdcad4a0f3ad9ea9b19e5dfd upstream.

Userspace can add names containing a slash character to the directory
listing.  Don't allow this as it could cause all sorts of trouble.

Signed-off-by: Miklos Szeredi <mszeredi@xxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
 fs/fuse/dir.c |    4 ++++
 1 file changed, 4 insertions(+)

--- a/fs/fuse/dir.c
+++ b/fs/fuse/dir.c
@@ -1175,6 +1175,8 @@ static int parse_dirfile(char *buf, size
 			return -EIO;
 		if (reclen > nbytes)
 			break;
+		if (memchr(dirent->name, '/', dirent->namelen) != NULL)
+			return -EIO;
 
 		over = filldir(dstbuf, dirent->name, dirent->namelen,
 			       file->f_pos, dirent->ino, dirent->type);
@@ -1323,6 +1325,8 @@ static int parse_dirplusfile(char *buf,
 			return -EIO;
 		if (reclen > nbytes)
 			break;
+		if (memchr(dirent->name, '/', dirent->namelen) != NULL)
+			return -EIO;
 
 		if (!over) {
 			/* We fill entries into dstbuf only as much as


Patches currently in stable-queue which might be from mszeredi@xxxxxxx are

queue-3.10/fuse-invalidate-inode-attributes-on-xattr-modification.patch
queue-3.10/fuse-readdir-check-for-slash-in-names.patch
queue-3.10/fuse-postpone-end_page_writeback-in-fuse_writepage_locked.patch
queue-3.10/fuse-hotfix-truncate_pagecache-issue.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html







