[Precise][CVE-2012-5374, CVE-2012-5375 0/1] Btrfs: fix hash overflow handling
Luis Henriques
luis.henriques at canonical.com
Fri Oct 18 09:49:19 UTC 2013
Following this email, there's a backport to the Precise kernel of
commit:
9c52057 Btrfs: fix hash overflow handling
This commit fixes 2 CVEs: CVE-2012-5374 and CVE-2012-5375.
This backport drops two changes from the original commit:
* function btrfs_add_link, in fs/btrfs/inode.c
In Precise, after calling btrfs_insert_dir_item(), there's a
'BUG_ON(ret)', which already covers the EOVERFLOW case
* function create_pending_snapshot, in fs/btrfs/transaction.c
Same thing here: there's a 'BUG_ON(ret)' after calling
btrfs_insert_dir_item() which also covers EOVERFLOW
There are also some minor context adjustments and, in function
btrfs_mksubvol (fs/btrfs/ioctl.c), a label in a 'goto' statement that had
to be modified.
This backport has been tested using the xfstests and no regressions
were found (although I don't think these tests would uncover the hash
overflow scenario).
Chris Mason (1):
Btrfs: fix hash overflow handling
fs/btrfs/ctree.h | 2 ++
fs/btrfs/dir-item.c | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++++
fs/btrfs/inode.c | 22 ++++++++++++++++++++
fs/btrfs/ioctl.c | 10 +++++++++
4 files changed, 93 insertions(+)
--
1.8.3.2
More information about the kernel-team
mailing list