diff options
| author | Darrick J. Wong <darrick.wong@oracle.com> | 2019-07-28 21:12:32 -0700 |
|---|---|---|
| committer | Darrick J. Wong <darrick.wong@oracle.com> | 2019-07-28 21:12:32 -0700 |
| commit | 2e616d9f9ce8d469db4cd0a019cdc2ff3feab577 (patch) | |
| tree | c9032b3e27c6e6acb57ec51248468b7b66c8aae0 /fs | |
| parent | 609488bc979f99f805f34e9a32c1e3b71179d10b (diff) | |
| download | linux-2e616d9f9ce8d469db4cd0a019cdc2ff3feab577.tar.gz | |
xfs: fix stack contents leakage in the v1 inumber ioctls
Explicitly initialize the onstack structures to zero so we don't leak
kernel memory into userspace when converting the in-core inumbers
structure to the v1 inogrp ioctl structure. Add a comment about why we
have to use memset to ensure that the padding holes in the structures
are set to zero.
Fixes: 5f19c7fc6873351 ("xfs: introduce v5 inode group structure")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Eric Sandeen <sandeen@redhat.com>
Diffstat (limited to 'fs')
| -rw-r--r-- | fs/xfs/xfs_itable.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/fs/xfs/xfs_itable.c b/fs/xfs/xfs_itable.c index a8a06bb78ea8..f5c955d35be4 100644 --- a/fs/xfs/xfs_itable.c +++ b/fs/xfs/xfs_itable.c @@ -272,6 +272,7 @@ xfs_bulkstat_to_bstat( struct xfs_bstat *bs1, const struct xfs_bulkstat *bstat) { + /* memset is needed here because of padding holes in the structure. */ memset(bs1, 0, sizeof(struct xfs_bstat)); bs1->bs_ino = bstat->bs_ino; bs1->bs_mode = bstat->bs_mode; @@ -388,6 +389,8 @@ xfs_inumbers_to_inogrp( struct xfs_inogrp *ig1, const struct xfs_inumbers *ig) { + /* memset is needed here because of padding holes in the structure. */ + memset(ig1, 0, sizeof(struct xfs_inogrp)); ig1->xi_startino = ig->xi_startino; ig1->xi_alloccount = ig->xi_alloccount; ig1->xi_allocmask = ig->xi_allocmask; |