[Lucid CVE-2012-6549] isofs: avoid info leak on export
Luis Henriques
luis.henriques at canonical.com
Wed Apr 17 12:24:41 UTC 2013
From: Mathias Krause <minipli at googlemail.com>
CVE-2012-6549
BugLink: http://bugs.launchpad.net/bugs/1156774
For type 1 the parent_offset member in struct isofs_fid gets copied
uninitialized to userland. Fix this by initializing it to 0.
Signed-off-by: Mathias Krause <minipli at googlemail.com>
Signed-off-by: Jan Kara <jack at suse.cz>
(cherry picked from commit fe685aabf7c8c9f138e5ea900954d295bf229175)
Signed-off-by: Luis Henriques <luis.henriques at canonical.com>
---
fs/isofs/export.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/fs/isofs/export.c b/fs/isofs/export.c
index e81a305..caec670 100644
--- a/fs/isofs/export.c
+++ b/fs/isofs/export.c
@@ -131,6 +131,7 @@ isofs_export_encode_fh(struct dentry *dentry,
len = 3;
fh32[0] = ei->i_iget5_block;
fh16[2] = (__u16)ei->i_iget5_offset; /* fh16 [sic] */
+ fh16[3] = 0; /* avoid leaking uninitialized data */
fh32[2] = inode->i_generation;
if (connectable && !S_ISDIR(inode->i_mode)) {
struct inode *parent;
--
1.8.1.2
More information about the kernel-team
mailing list