
Re: [PATCH] Fix possible memory corruption in xfs_readlink

To: Carlos Maiolino <cmaiolino@xxxxxxxxxx>
Subject: Re: [PATCH] Fix possible memory corruption in xfs_readlink
From: Alex Elder <aelder@xxxxxxx>
Date: Mon, 17 Oct 2011 17:39:44 -0500
Cc: <xfs@xxxxxxxxxxx>
In-reply-to: <1318885528-7650-1-git-send-email-cmaiolino@xxxxxxxxxx>
References: <1318885528-7650-1-git-send-email-cmaiolino@xxxxxxxxxx>
Reply-to: <aelder@xxxxxxx>
On Mon, 2011-10-17 at 19:05 -0200, Carlos Maiolino wrote:
> Fixes a possible memory corruption when the link is larger than
> MAXPATHLEN and XFS_DEBUG is not enabled. This also removes the
> S_ISLNK assert, since the inode mode is checked previously in
> xfs_readlink_by_handle() and via VFS.
> Signed-off-by: Carlos Maiolino <cmaiolino@xxxxxxxxxx>

I know this was discussed to death on IRC.  But I didn't
get a chance to be a part of that committee so I have
a suggested change:  use %llu format, not %lld.

Just to clarify, this is addressing something that could
happen if a corrupt filesystem led to an inode whose flags
indicate it's a symlink has a size that exceeds the maximum
path length.  And without your fix, the memcpy() in
xfs_readlink() could overflow the memory it's provided.

I can implement the format string fix before I commit your
change.  But I'll wait for your permission before doing so.

Reviewed-by: Alex Elder <aelder@xxxxxxx>
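
The check discussed in this message, as an added userspace model (not the patch under review and not XFS kernel code): the on-disk symlink length is validated at run time before the copy, rather than only by a debug-build assertion. `model_inode`, `model_readlink`, the `MAXPATHLEN` value, the log text and the `-EINVAL` return are assumptions made for this illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAXPATHLEN 1024 /* assumed limit for this model */

/* Hypothetical stand-in for an inode read from disk; size is untrusted. */
struct model_inode {
    uint64_t    ino;
    int64_t     size;   /* symlink length as recorded on disk */
    const char *data;   /* link target bytes */
};

/*
 * Copy the link target into link[], which must hold MAXPATHLEN + 1 bytes.
 * The length is validated at run time, so the check survives builds where
 * debug-only assertions compile to nothing.
 */
int model_readlink(const struct model_inode *ip, char *link)
{
    int64_t pathlen = ip->size;

    if (pathlen < 0 || pathlen > MAXPATHLEN) {
        /* unsigned format with explicit casts, per the review comment */
        fprintf(stderr, "inode (%llu) bad symlink length (%llu)\n",
                (unsigned long long)ip->ino,
                (unsigned long long)pathlen);
        return -EINVAL; /* stand-in for a "filesystem corrupted" error */
    }

    memcpy(link, ip->data, (size_t)pathlen);
    link[pathlen] = '\0';
    return (int)pathlen;
}

int main(void)
{
    char link[MAXPATHLEN + 1];
    struct model_inode good = { 42, 8, "/etc/foo" };      /* constructed */
    struct model_inode bad  = { 43, 70000, "/etc/foo" };  /* constructed corrupt size */

    printf("good -> %d\n", model_readlink(&good, link));
    printf("bad  -> %d\n", model_readlink(&bad, link));
    return 0;
}
```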
