NAK: [PATCH 2/2] [natty CVE 2/2] Change check_ruid flag to a more reasonable type
Tim Gardner
tim.gardner at canonical.com
Thu Aug 11 17:54:46 UTC 2011
On 08/11/2011 01:44 AM, John Johansen wrote:
> The first interation of the patch for the check ruid flag at mount time
> flag returned a full uid. However the revised patch used the check_ruid
> parameter solely as a boolean flag, but missed fixing the parameters type.
>
> Change the parameter type to int instead of uid_t.
>
> CVE-2011-1833
> BugLink: http://bugs.launchpad.net/bugs/732628
>
> Signed-off-by: John Johansen<john.johansen at canonical.com>
> ---
> fs/ecryptfs/main.c | 5 ++---
> 1 files changed, 2 insertions(+), 3 deletions(-)
>
> diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c
> index adc54c2..f236d09 100644
> --- a/fs/ecryptfs/main.c
> +++ b/fs/ecryptfs/main.c
> @@ -296,7 +296,7 @@ static void ecryptfs_init_mount_crypt_stat(
> * Returns zero on success; non-zero on error
> */
> static int ecryptfs_parse_options(struct ecryptfs_sb_info *sbi, char *options,
> - uid_t *check_ruid)
> + int *check_ruid)
> {
> char *p;
> int rc = 0;
> @@ -525,8 +525,7 @@ static struct dentry *ecryptfs_mount(struct file_system_type *fs_type, int flags
> const char *err = "Getting sb failed";
> struct inode *inode;
> struct path path;
> - uid_t check_ruid;
> - int rc;
> + int rc, check_ruid;
>
> sbi = kmem_cache_zalloc(ecryptfs_sb_info_cache, GFP_KERNEL);
> if (!sbi) {
I think this is unnecessary.
--
Tim Gardner tim.gardner at canonical.com
More information about the kernel-team
mailing list