From: Hans Reiser <reiser@namesys.com>
To: Chris Mason <mason@suse.com>
Cc: Marc Lehmann <pcg@goof.com>,
reiserfs-list@namesys.com, linux-kernel@vger.kernel.org,
vs@namesys.botik.ru
Subject: Re: [reiserfs-list] major security bug in reiserfs (may affect SuSE Linux)
Date: Thu, 11 Jan 2001 14:05:56 +0300 [thread overview]
Message-ID: <3A5D9394.8693C6D4@namesys.com> (raw)
In-Reply-To: <85470000.979094446@tiny>
Chris Mason wrote:
>
> On Wednesday, January 10, 2001 02:32:09 AM +0100 Marc Lehmann <pcg@goof.com> wrote:
> >>> EIP; c013f911 <filldir+20b/221> <=====
> > Trace; c013f706 <filldir+0/221>
> > Trace; c0136e01 <reiserfs_getblk+2a/16d>
> >
>
> Here is a patch against our 2.4 code (3.6.25) that does the
> same as the patch posted for 3.5.29:
>
> -chris
>
> --- linux/include/linux/reiserfs_fs.h.1 Tue Jan 9 21:22:27 2001
> +++ linux/include/linux/reiserfs_fs.h Tue Jan 9 21:22:55 2001
> @@ -926,8 +926,7 @@
> //((block_size - BLKH_SIZE - IH_SIZE - DEH_SIZE * 2) / 2)
>
> // two entries per block (at least)
> -#define REISERFS_MAX_NAME_LEN(block_size) \
> -((block_size - BLKH_SIZE - IH_SIZE - DEH_SIZE))
> +#define REISERFS_MAX_NAME_LEN(block_size) 255
>
>
>
> --- linux/fs/reiserfs/dir.c.1 Tue Jan 9 21:22:19 2001
> +++ linux/fs/reiserfs/dir.c Tue Jan 9 21:21:02 2001
> @@ -142,6 +142,10 @@
> if (!d_name[d_reclen - 1])
> d_reclen = strlen (d_name);
>
> + if (d_reclen > REISERFS_MAX_NAME_LEN(inode->i_sb->s_blocksize)){
> + /* too big to send back to VFS */
> + continue ;
> + }
> d_off = deh_offset (deh);
> filp->f_pos = d_off ;
> d_ino = deh_objectid (deh);
I think that in the short term, so as to make it easier to merge us into 2.4, it is reasonable to
restrict us to small names, so go ahead and merge this code into cvs if not done already.
Hans
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/
next prev parent reply other threads:[~2001-01-11 12:41 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20010110023208.B296@cerebro.laendle>
2001-01-10 2:23 ` [reiserfs-list] major security bug in reiserfs (may affect SuSE Linux) Chris Mason
2001-01-10 4:43 ` David Ford
2001-01-10 5:47 ` Alexander Viro
2001-01-10 15:48 ` Chris Mason
2001-01-10 17:38 ` Alexander Viro
2001-01-10 18:48 ` Chris Mason
2001-01-11 0:47 ` Alexander Viro
2001-01-10 16:41 ` Andrea Arcangeli
2001-01-10 16:02 ` Vladimir V. Saveliev
2001-01-10 16:09 ` Chris Mason
2001-01-10 16:29 ` [reiserfs-list] major security bug in reiserfs (may affect SuSELinux) Vladimir V. Saveliev
2001-01-10 17:03 ` [reiserfs-list] major security bug in reiserfs (may affect SuSE Linux) Stefan Traby
2001-01-10 17:11 ` Stefan Traby
2001-01-10 2:40 ` Chris Mason
2001-01-11 11:05 ` Hans Reiser [this message]
2001-01-09 23:42 Marc Lehmann
2001-01-10 0:43 ` [reiserfs-list] " John Morrison
2001-01-10 0:51 ` Chris Mason
2001-01-10 0:56 ` Vladimir V. Saveliev
2001-01-10 13:08 ` Gnea
2001-01-10 11:03 ` Dirk Mueller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3A5D9394.8693C6D4@namesys.com \
--to=reiser@namesys.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mason@suse.com \
--cc=pcg@goof.com \
--cc=reiserfs-list@namesys.com \
--cc=vs@namesys.botik.ru \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox