re: btrfs: add btrfs_read_policy_to_enum helper and refactor read, policy store

From: Colin King (gmail)
Date: Thu Dec 19 2024 - 10:40:49 EST

Next message: Jarkko Sakkinen: "Re: [PATCH 3/3] x86/sev: add a SVSM vTPM platform device"
Previous message: Daniel Wagner: "Re: [PATCH v4 8/9] blk-mq: use hk cpus only when isolcpus=managed_irq is enabled"
Next in thread: Anand Jain: "Re: btrfs: add btrfs_read_policy_to_enum helper and refactor read, policy store"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

Static analysis on linux-next today has found a potential buffer overflow in fs/btrfs/sysfs.c in function btrfs_read_policy_to_enum()

The strcpy to string param has no length checks on str and hence if str is longer than param a buffer overflow on the stack occurs. This can potentially occur when a user writes a long string to the btrfs sysfs file read_policy via btrfs_read_policy_store()

int btrfs_read_policy_to_enum(const char *str, s64 *value)
{
char param[32] = {'\0'};
char *__maybe_unused value_str;
int index;
bool found = false;

if (!str || strlen(str) == 0)
return 0;

strcpy(param, str); /* issue here */

....
}

Colin

Next message: Jarkko Sakkinen: "Re: [PATCH 3/3] x86/sev: add a SVSM vTPM platform device"
Previous message: Daniel Wagner: "Re: [PATCH v4 8/9] blk-mq: use hk cpus only when isolcpus=managed_irq is enabled"
Next in thread: Anand Jain: "Re: btrfs: add btrfs_read_policy_to_enum helper and refactor read, policy store"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]