Re: [xfs-masters] [PATCH] xfs: prevent reading uninitialized stack memory

[Eric Sandeen <sandeen@xxxxxxxxxxx>]

Dan Rosenberg wrote:
> The XFS_IOC_FSGETXATTR ioctl allows unprivileged users to read 12
> bytes of uninitialized stack memory, because the fsxattr struct
> declared on the stack in xfs_ioc_fsgetxattr() does not alter (or zero)
> the 12-byte fsx_pad member before copying it back to the user.  This
> patch takes care of it.
> 
> Signed-off-by: Dan Rosenberg <dan.j.rosenberg@xxxxxxxxx>

Thanks.

Reviewed-by: Eric Sandeen <sandeen@xxxxxxxxxx>

-Eric

> --- linux-2.6.35.4.orig/fs/xfs/linux-2.6/xfs_ioctl.c  2010-09-06
> 17:57:16.000000000 -0400
> +++ linux-2.6.35.4/fs/xfs/linux-2.6/xfs_ioctl.c       2010-09-06
> 17:58:19.000000000 -0400
> @@ -794,6 +794,8 @@ xfs_ioc_fsgetxattr(
>  {
>       struct fsxattr          fa;
> 
> +     memset(&fa, 0, sizeof(struct fsxattr));
> +
>       xfs_ilock(ip, XFS_ILOCK_SHARED);
>       fa.fsx_xflags = xfs_ip2xflags(ip);
>       fa.fsx_extsize = ip->i_d.di_extsize << ip->i_mount->m_sb.sb_blocklog;
> 
> _______________________________________________
> xfs-masters mailing list
> xfs-masters@xxxxxxxxxxx
> http://oss.sgi.com/mailman/listinfo/xfs-masters
>