APPLIED: [Lucid CVE-2012-6549] isofs: avoid info leak on export
Tim Gardner
tim.gardner at canonical.com
Wed Apr 17 12:55:21 UTC 2013
On 04/17/2013 06:24 AM, Luis Henriques wrote:
> From: Mathias Krause <minipli at googlemail.com>
>
> CVE-2012-6549
>
> BugLink: http://bugs.launchpad.net/bugs/1156774
>
> For type 1 the parent_offset member in struct isofs_fid gets copied
> uninitialized to userland. Fix this by initializing it to 0.
>
> Signed-off-by: Mathias Krause <minipli at googlemail.com>
> Signed-off-by: Jan Kara <jack at suse.cz>
> (cherry picked from commit fe685aabf7c8c9f138e5ea900954d295bf229175)
>
> Signed-off-by: Luis Henriques <luis.henriques at canonical.com>
> ---
> fs/isofs/export.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/fs/isofs/export.c b/fs/isofs/export.c
> index e81a305..caec670 100644
> --- a/fs/isofs/export.c
> +++ b/fs/isofs/export.c
> @@ -131,6 +131,7 @@ isofs_export_encode_fh(struct dentry *dentry,
> len = 3;
> fh32[0] = ei->i_iget5_block;
> fh16[2] = (__u16)ei->i_iget5_offset; /* fh16 [sic] */
> + fh16[3] = 0; /* avoid leaking uninitialized data */
> fh32[2] = inode->i_generation;
> if (connectable && !S_ISDIR(inode->i_mode)) {
> struct inode *parent;
>
--
Tim Gardner tim.gardner at canonical.com
More information about the kernel-team
mailing list