Re: [reiserfs-list] major security bug in reiserfs (may affect SuSE Linux)

All of lore.kernel.org
 help / color / mirror / Atom feed

From: David Ford <david@linux.com>
To: Chris Mason <mason@suse.com>
Cc: Marc Lehmann <pcg@goof.com>,
	reiserfs-list@namesys.com, linux-kernel@vger.kernel.org,
	vs@namesys.botik.ru
Subject: Re: [reiserfs-list] major security bug in reiserfs (may affect SuSE  Linux)
Date: Tue, 09 Jan 2001 20:43:09 -0800	[thread overview]
Message-ID: <3A5BE85D.3547E0FA@linux.com> (raw)
In-Reply-To: <75150000.979093424@tiny>

Why not use the limits from <linux/limits.h> instead?

-d

Chris Mason wrote:

> On Wednesday, January 10, 2001 02:32:09 AM +0100 Marc Lehmann <pcg@goof.com> wrote:
>
> >>> EIP; c013f911 <filldir+20b/221>   <=====
> > Trace; c013f706 <filldir+0/221>
> > Trace; c0136e01 <reiserfs_getblk+2a/16d>
>
> The buffer reiserfs is sending to filldir is big enough for
> the huge file name, so I think the real fix should be done in VFSland.
>
> But, in the interest of providing a quick, obviously correct fix, this
> reiserfs only patch will refuse to create file names larger
> than 255 chars, and skip over any directory entries larger than
> 255 chars.
>
> --- linux/include/linux/reiserfs_fs.h.1 Tue Jan  9 21:56:18 2001
> +++ linux/include/linux/reiserfs_fs.h   Tue Jan  9 21:56:33 2001
> @@ -467,7 +467,7 @@
>  /* name by bh, ih and entry_num */
>  #define B_I_E_NAME(entry_num,bh,ih) ((char *)(bh->b_data + ih->ih_item_location + (B_I_DEH(bh,ih)+(entry_num))->deh_location))
>
> -#define REISERFS_MAX_NAME_LEN(block_size) (block_size - BLKH_SIZE - IH_SIZE - DEH_SIZE)        /* -SD_SIZE when entry will contain stat data */
> +#define REISERFS_MAX_NAME_LEN(block_size) 255
>
>  /* this structure is used for operations on directory entries. It is not a disk structure. */
>  /* When reiserfs_find_entry or search_by_entry_key find directory entry, they return filled reiserfs_dir_entry structure */
> --- linux/fs/reiserfs/dir.c.1   Tue Jan  9 22:06:06 2001
> +++ linux/fs/reiserfs/dir.c     Tue Jan  9 22:15:17 2001
> @@ -159,6 +159,10 @@
>                 d_name = B_I_DEH_ENTRY_FILE_NAME (bh, ih, deh);
>                 d_off = deh->deh_offset;
>                 d_ino = deh->deh_objectid;
> +               if (d_reclen > REISERFS_MAX_NAME_LEN(inode->i_sb->s_blocksize)){
> +                   /* it is too big to send back to VFS */
> +                   continue ;
> +               }
>                 if (d_reclen <= 32) {
>                     local_buf = small_buf ;
>                 } else {
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> Please read the FAQ at http://www.tux.org/lkml/

-- ---NOTICE

-- fwd: fwd: fwd: type emails will be deleted automatically.
      "There is a natural aristocracy among men. The grounds of this are
      virtue and talents", Thomas Jefferson [1742-1826], 3rd US President



-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

next prev parent reply	other threads:[~2001-01-10  4:43 UTC|newest]

Thread overview: 20+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <20010110023208.B296@cerebro.laendle>
2001-01-10  2:23 ` [reiserfs-list] major security bug in reiserfs (may affect SuSE Linux) Chris Mason
2001-01-10  4:43   ` David Ford [this message]
2001-01-10  5:47   ` Alexander Viro
2001-01-10 15:48     ` Chris Mason
2001-01-10 17:38       ` Alexander Viro
2001-01-10 18:48         ` Chris Mason
2001-01-11  0:47           ` Alexander Viro
2001-01-10 16:41     ` Andrea Arcangeli
2001-01-10 16:02   ` Vladimir V. Saveliev
2001-01-10 16:09     ` Chris Mason
2001-01-10 16:29       ` [reiserfs-list] major security bug in reiserfs (may affect SuSELinux) Vladimir V. Saveliev
2001-01-10 17:03     ` [reiserfs-list] major security bug in reiserfs (may affect SuSE Linux) Stefan Traby
2001-01-10 17:11       ` Stefan Traby
2001-01-10  2:40 ` Chris Mason
2001-01-11 11:05   ` Hans Reiser
2001-01-09 23:42 Marc Lehmann
2001-01-10  0:43 ` [reiserfs-list] " John Morrison
2001-01-10  0:51 ` Chris Mason
2001-01-10  0:56 ` Vladimir V. Saveliev
2001-01-10 13:08   ` Gnea
2001-01-10 11:03 ` Dirk Mueller

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=3A5BE85D.3547E0FA@linux.com \
    --to=david@linux.com \
    --cc=david+validemail@kalifornia.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mason@suse.com \
    --cc=pcg@goof.com \
    --cc=reiserfs-list@namesys.com \
    --cc=vs@namesys.botik.ru \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.