linux/fs/btrfs
Filipe Manana e3fc2151d7 Btrfs: ensure path name is null terminated at btrfs_control_ioctl
commit f505754fd6 upstream.

We were using the path name received from user space without checking that
it is null terminated. While btrfs-progs is well behaved and does proper
validation and null termination, someone could call the ioctl and pass
a non-null terminated path, leading to buffer overrun problems in the
kernel.  The ioctl is protected by CAP_SYS_ADMIN.

So just set the last byte of the path to a null character, similar to what
we do in other ioctls (add/remove/resize device, snapshot creation, etc).

CC: stable@vger.kernel.org # 4.4+
Reviewed-by: Anand Jain <anand.jain@oracle.com>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-12-13 09:21:26 +01:00
..
tests btrfs: tests/qgroup: Fix wrong tree backref level 2018-05-30 07:49:09 +02:00
acl.c btrfs: preserve i_mode if __btrfs_set_acl() fails 2018-03-11 16:19:47 +01:00
async-thread.c
async-thread.h
backref.c
backref.h
btrfs_inode.h
check-integrity.c
check-integrity.h
compression.c
compression.h
ctree.c btrfs: Fix out of bounds access in btrfs_search_slot 2018-05-30 07:48:54 +02:00
ctree.h
delayed-inode.c
delayed-inode.h
delayed-ref.c
delayed-ref.h
dev-replace.c btrfs: replace: Reset on-disk dev stats value after replace 2018-09-15 09:40:40 +02:00
dev-replace.h
dir-item.c
disk-io.c btrfs: fix pinned underflow after transaction aborted 2018-11-27 16:08:01 +01:00
disk-io.h btrfs: don't create or leak aliased root while cleaning up orphans 2018-11-10 07:41:36 -08:00
export.c
export.h
extent_io.c btrfs: fix incorrect error return ret being passed to mapping_set_error 2018-04-13 19:50:06 +02:00
extent_io.h
extent_map.c
extent_map.h
extent-tree.c btrfs: Ensure btrfs_trim_fs can trim the whole filesystem 2018-12-01 09:46:41 +01:00
extent-tree.h
file-item.c
file.c Btrfs: set plug for fsync 2018-05-30 07:48:54 +02:00
free-space-cache.c btrfs: set max_extent_size properly 2018-11-21 09:27:38 +01:00
free-space-cache.h
hash.c
hash.h
inode-item.c
inode-map.c
inode-map.h
inode.c Btrfs: fix null pointer dereference on compressed write path error 2018-11-21 09:27:38 +01:00
ioctl.c btrfs: Ensure btrfs_trim_fs can trim the whole filesystem 2018-12-01 09:46:41 +01:00
Kconfig
locking.c
locking.h
lzo.c
Makefile
math.h
ordered-data.c
ordered-data.h
orphan.c
print-tree.c
print-tree.h
props.c
props.h
qgroup.c btrfs: qgroup: Dirty all qgroups before rescan 2018-11-21 09:27:38 +01:00
qgroup.h
raid56.c Btrfs: make raid6 rebuild retry more 2018-07-03 11:21:24 +02:00
raid56.h
rcu-string.h
reada.c
relocation.c btrfs: Handle owner mismatch gracefully when walking up tree 2018-11-21 09:27:37 +01:00
root-tree.c btrfs: don't create or leak aliased root while cleaning up orphans 2018-11-10 07:41:36 -08:00
scrub.c btrfs: scrub: Don't use inode pages for device replace 2018-07-03 11:21:25 +02:00
send.c Btrfs: send, fix issuing write op when processing hole in no data mode 2018-05-30 07:49:03 +02:00
send.h
struct-funcs.c
super.c Btrfs: ensure path name is null terminated at btrfs_control_ioctl 2018-12-13 09:21:26 +01:00
sysfs.c
sysfs.h
transaction.c
transaction.h
tree-defrag.c
tree-log.c Btrfs: fix wrong dentries after fsync of file that got its parent replaced 2018-11-21 09:27:38 +01:00
tree-log.h
ulist.c
ulist.h
uuid-tree.c
volumes.c Btrfs: make raid6 rebuild retry more 2018-07-03 11:21:24 +02:00
volumes.h
xattr.c
xattr.h
zlib.c