xfs: xfs_ioctl: fix information leak to userland

al_hreq is copied from userland. If al_hreq.buflen is not properly aligned then xfs_attr_list will ignore the last bytes of kbuf. These bytes are unitialized. It leads to leaking of contents of kernel stack memory. Signed-off-by: N Vasiliy Kulikov <segooon@gmail.com> Signed-off-by: N Alex Elder <aelder@sgi.com>

xfs: xfs_ioctl: fix information leak to userland
al_hreq is copied from userland. If al_hreq.buflen is not properly aligned then xfs_attr_list will ignore the last bytes of kbuf. These bytes are unitialized. It leads to leaking of contents of kernel stack memory. Signed-off-by: N Vasiliy Kulikov <segooon@gmail.com> Signed-off-by: N Alex Elder <aelder@sgi.com>
6762b938 · Kulikov Vasiliy · Alex Elder · 5d0af85c · 6762b938
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

fs/xfs/linux-2.6/xfs_ioctl.c fs/xfs/linux-2.6/xfs_ioctl.c +1 -1

未找到文件。
--- a/fs/xfs/linux-2.6/xfs_ioctl.c
+++ b/fs/xfs/linux-2.6/xfs_ioctl.c
@@ -416,7 +416,7 @@ xfs_attrlist_by_handle(
 	if (IS_ERR(dentry))
 		return PTR_ERR(dentry);

-	kbuf = kmalloc(al_hreq.buflen, GFP_KERNEL);
+	kbuf = kzalloc(al_hreq.buflen, GFP_KERNEL);
 	if (!kbuf)
 		goto out_dput;