Re: [PATCH] eCryptfs: check readlink result was not an errorbefore using it

From: Michael Halcrow
Date: Thu Dec 11 2008 - 14:50:11 EST


On Thu, Dec 11, 2008 at 07:16:26PM +0000, Duane Griffin wrote:
> The result from readlink is being used to index into the link name
> buffer without checking whether it is a valid length. If readlink
> returns an error this will fault or cause memory corruption.
>
> Signed-off-by: Duane Griffin <duaneg@xxxxxxxxx>

Acked-by: Michael Halcrow <mhalcrow@xxxxxxxxxx>

> ---
> fs/ecryptfs/inode.c | 3 ++-
> 1 files changed, 2 insertions(+), 1 deletions(-)
>
> diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c
> index 89209f0..5e78fc1 100644
> --- a/fs/ecryptfs/inode.c
> +++ b/fs/ecryptfs/inode.c
> @@ -673,10 +673,11 @@ static void *ecryptfs_follow_link(struct dentry *dentry, struct nameidata *nd)
> ecryptfs_printk(KERN_DEBUG, "Calling readlink w/ "
> "dentry->d_name.name = [%s]\n", dentry->d_name.name);
> rc = dentry->d_inode->i_op->readlink(dentry, (char __user *)buf, len);
> - buf[rc] = '\0';
> set_fs(old_fs);
> if (rc < 0)
> goto out_free;
> + else
> + buf[rc] = '\0';
> rc = 0;
> nd_set_link(nd, buf);
> goto out;
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/