diff options
author | Dan Rosenberg <dan.j.rosenberg@gmail.com> | 2010-09-06 18:24:57 -0400 |
---|---|---|
committer | Alex Elder <aelder@sgi.com> | 2010-09-10 07:39:28 -0500 |
commit | a122eb2fdfd78b58c6dd992d6f4b1aaef667eef9 (patch) | |
tree | 754cbb6319fd3114c6aeb1bf456bf37cff699c69 /fs | |
parent | cc491e27d31f1bb3dacb309407b47d65669ceb9d (diff) | |
download | blackbird-op-linux-a122eb2fdfd78b58c6dd992d6f4b1aaef667eef9.tar.gz blackbird-op-linux-a122eb2fdfd78b58c6dd992d6f4b1aaef667eef9.zip |
xfs: prevent reading uninitialized stack memory
The XFS_IOC_FSGETXATTR ioctl allows unprivileged users to read 12
bytes of uninitialized stack memory, because the fsxattr struct
declared on the stack in xfs_ioc_fsgetxattr() does not alter (or zero)
the 12-byte fsx_pad member before copying it back to the user. This
patch takes care of it.
Signed-off-by: Dan Rosenberg <dan.j.rosenberg@gmail.com>
Reviewed-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Alex Elder <aelder@sgi.com>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/xfs/linux-2.6/xfs_ioctl.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/fs/xfs/linux-2.6/xfs_ioctl.c b/fs/xfs/linux-2.6/xfs_ioctl.c index 4fec427b83ef..3b9e626f7cd1 100644 --- a/fs/xfs/linux-2.6/xfs_ioctl.c +++ b/fs/xfs/linux-2.6/xfs_ioctl.c @@ -785,6 +785,8 @@ xfs_ioc_fsgetxattr( { struct fsxattr fa; + memset(&fa, 0, sizeof(struct fsxattr)); + xfs_ilock(ip, XFS_ILOCK_SHARED); fa.fsx_xflags = xfs_ip2xflags(ip); fa.fsx_extsize = ip->i_d.di_extsize << ip->i_mount->m_sb.sb_blocklog; |