Kernel/linux
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-01-10 15:19:51 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
linux/fs
History
Amerigo Wang ec81aecb29 hfs: fix a potential buffer overflow 
A specially-crafted Hierarchical File System (HFS) filesystem could cause
a buffer overflow to occur in a process's kernel stack during a memcpy()
call within the hfs_bnode_read() function (at fs/hfs/bnode.c:24).  The
attacker can provide the source buffer and length, and the destination
buffer is a local variable of a fixed length.  This local variable (passed
as "&entry" from fs/hfs/dir.c:112 and allocated on line 60) is stored in
the stack frame of hfs_bnode_read()'s caller, which is hfs_readdir().
Because the hfs_readdir() function executes upon any attempt to read a
directory on the filesystem, it gets called whenever a user attempts to
inspect any filesystem contents.

[amwang@redhat.com: modify this patch and fix coding style problems]
Signed-off-by: WANG Cong <amwang@redhat.com>
Cc: Eugene Teo <eteo@redhat.com>
Cc: Roman Zippel <zippel@linux-m68k.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Dave Anderson <anderson@redhat.com>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-12-15 08:53:10 -08:00
..
9p
9p: fix build breakage introduced by FS-Cache
2009-12-01 07:35:11 -08:00
adfs
adfs: remove redundant test on unsigned
2009-09-24 07:21:05 -07:00
affs
affs: add ->sync_fs
2009-06-11 21:36:14 -04:00
afs
afs: remove manual O_SYNC handling
2009-12-10 15:02:50 +01:00
autofs
trivial: remove unnecessary semicolons
2009-09-21 15:14:58 +02:00
autofs4
autofs4 - fix missed case when changing to use struct path
2009-08-31 17:44:05 -10:00
befs
fs: Make unload_nls() NULL pointer safe
2009-09-24 07:47:42 -04:00
bfs
headers: smp_lock.h redux
2009-07-12 12:22:34 -07:00
btrfs
vfs: Implement proper O_SYNC semantics
2009-12-10 15:02:50 +01:00
cachefiles
CacheFiles: Update IMA counters when using dentry_open
2009-12-01 07:35:11 -08:00
cifs
vfs: Implement proper O_SYNC semantics
2009-12-10 15:02:50 +01:00
coda
sysctl: Drop & in front of every proc_handler.
2009-11-18 08:37:40 -08:00
configfs
writeback: add name to backing_dev_info
2009-09-11 09:20:26 +02:00
cramfs
fs/cramfs: return f_fsid for statfs(2)
2009-04-02 19:05:08 -07:00
debugfs
debugfs: fix create mutex racy fops and private data
2009-12-11 11:24:53 -08:00
devpts
devpts_get_tty() should validate inode
2009-12-11 15:18:05 -08:00
dlm
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/teigland/dlm
2009-12-10 09:33:59 -08:00
ecryptfs
ima: ecryptfs fix imbalance message
2009-10-08 11:31:38 -05:00
efs
get rid of BKL in fs/efs
2009-06-17 00:36:36 -04:00
exofs
exofs: Multi-device mirror support
2009-12-10 09:59:23 +02:00
exportfs
Merge branch 'next' into for-linus
2008-12-25 11:40:09 +11:00
ext2
ext2: fix comment in ext2_find_entry about return values
2009-12-10 15:02:53 +01:00
ext3
ext3: PTR_ERR return of wrong pointer in setup_new_group_blocks()
2009-12-10 15:02:55 +01:00
ext4
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu
2009-12-14 09:58:24 -08:00
fat
Merge git://git.kernel.org/pub/scm/linux/kernel/git/hirofumi/fatfs-2.6
2009-09-30 09:31:14 -07:00
freevxfs
headers: smp_lock.h redux
2009-07-12 12:22:34 -07:00
fscache
FS-Cache: Provide nop fscache_stat_d() if CONFIG_FSCACHE_STATS=n
2009-11-20 21:50:44 +00:00
fuse
fuse: reject O_DIRECT flag also in fuse_create
2009-11-27 16:37:13 +01:00
gfs2
GFS2: Fix glock refcount issues
2009-12-03 12:00:12 +00:00
hfs
hfs: fix a potential buffer overflow
2009-12-15 08:53:10 -08:00
hfsplus
hfsplus: refuse to mount volumes larger than 2TB
2009-10-29 07:39:27 -07:00
hostfs
hostfs: set maximum filesize in superblock for proper LFS support
2009-06-30 18:56:03 -07:00
hpfs
headers: smp_lock.h redux
2009-07-12 12:22:34 -07:00
hppfs
hppfs: hppfs_read_file() may return -ERROR
2009-04-02 19:04:53 -07:00
hugetlbfs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6
2009-09-24 08:32:11 -07:00
isofs
zisofs: Implement reading of compressed files when PAGE_CACHE_SIZE > compress block size
2009-12-10 15:02:49 +01:00
jbd
fs/jbd: Export log_start_commit to fix ext3 build.
2009-11-12 10:24:12 +01:00
jbd2
Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs-2.6
2009-12-11 15:31:13 -08:00
jffs2
Merge branch 'for-next' into for-linus
2009-12-07 18:36:35 +01:00
jfs
tree-wide: fix assorted typos all over the place
2009-12-04 15:39:55 +01:00
lockd
sysctl: Drop & in front of every proc_handler.
2009-11-18 08:37:40 -08:00
minix
V3 minixfs: add missing directory type checking
2009-09-23 07:39:57 -07:00
ncpfs
tree-wide: fix assorted typos all over the place
2009-12-04 15:39:55 +01:00
nfs
Merge git://git.linux-nfs.org/projects/trondmy/nfs-2.6
2009-12-14 10:00:24 -08:00
nfs_common
SUNRPC: nfsacl_encode/nfsacl_decode should be exported as GPL-only
2008-12-23 15:21:32 -05:00
nfsd
Fix memory corruption caused by nfsd readdir+
2009-11-14 12:55:55 -08:00
nilfs2
nilfs2: separate wait function from nilfs_segctor_write
2009-11-30 21:17:52 +09:00
nls
Merge git://git.kernel.org/pub/scm/linux/kernel/git/hirofumi/fatfs-2.6
2009-09-30 09:31:14 -07:00
notify
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial
2009-12-09 19:43:33 -08:00
ntfs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial
2009-12-09 19:43:33 -08:00
ocfs2
quota: Move definition of QFMT_OCFS2 to linux/quota.h
2009-12-10 15:02:53 +01:00
omfs
tree-wide: fix assorted typos all over the place
2009-12-04 15:39:55 +01:00
openpromfs
zero i_uid/i_gid on inode allocation
2009-01-05 11:54:28 -05:00
partitions
partitions: read whole sector with EFI GPT header
2009-11-23 09:29:58 +01:00
proc
Merge commit 'origin/master' into next
2009-12-09 17:14:38 +11:00
qnx4
qnx4fs: add missing KERN_xxx to printk() calls
2009-11-09 09:40:57 +01:00
quota
quota: Implement quota format with 64-bit space and inode limits
2009-12-10 15:02:54 +01:00
ramfs
truncate: use new helpers
2009-09-24 08:41:47 -04:00
reiserfs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial
2009-12-09 19:43:33 -08:00
romfs
ROMFS: fix length used with romfs_dev_strnlen() function
2009-10-11 11:33:56 -07:00
smbfs
fs: Make unload_nls() NULL pointer safe
2009-09-24 07:47:42 -04:00
squashfs
const: mark remaining super_operations const
2009-09-22 07:17:24 -07:00
sysfs
sysfs: sysfs_setattr remove unnecessary permission check.
2009-12-11 11:24:54 -08:00
sysv
get rid of BKL in fs/sysv
2009-06-17 00:36:37 -04:00
ubifs
Merge git://git.infradead.org/ubifs-2.6
2009-12-10 09:31:45 -08:00
udf
udf: Avoid IO in udf_clear_inode
2009-12-14 21:40:04 +01:00
ufs
ufs: sector_t cannot be negative
2009-06-18 13:03:46 -07:00
xfs
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu
2009-12-14 09:58:24 -08:00
aio.c
block: move bdi/address_space unplug functions to backing-dev.h
2009-10-29 13:59:26 +01:00
anon_inodes.c
headers: remove sched.h from poll.h
2009-10-04 15:05:10 -07:00
attr.c
truncate: new helpers
2009-09-24 08:41:47 -04:00
bad_inode.c
kill ->dir_notify()
2008-12-31 18:07:43 -05:00
binfmt_aout.c
sanitize ifdefs in binfmt_aout
2009-01-03 11:45:54 -08:00
binfmt_elf_fdpic.c
fdpic: ignore the loader's PT_GNU_STACK when calculating the stack size
2009-09-24 07:21:02 -07:00
binfmt_elf.c
tree-wide: fix assorted typos all over the place
2009-12-04 15:39:55 +01:00
binfmt_em86.c
binfmt_flat.c
flat: use IS_ERR_VALUE() helper macro
2009-09-24 07:21:03 -07:00
binfmt_misc.c
fs/binfmt_misc.c: add terminating newline to /proc/sys/fs/binfmt_misc/status
2009-01-06 15:59:19 -08:00
binfmt_script.c
binfmt_som.c
Don't crap into descriptor table in binfmt_som
2009-03-31 23:00:28 -04:00
bio-integrity.c
block: Create bip slabs with embedded integrity vectors
2009-07-01 10:56:25 +02:00
bio.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial
2009-12-09 19:43:33 -08:00
block_dev.c
Merge branch 'for-linus' into for-2.6.33
2009-11-03 21:14:39 +01:00
buffer.c
Merge branch 'writeback' of git://git.kernel.dk/linux-2.6-block
2009-09-25 09:27:30 -07:00
char_dev.c
fs/char_dev.c: remove useless loop
2009-09-24 07:21:03 -07:00
compat_binfmt_elf.c
compat_ioctl.c
md: move compat_ioctl handling into md.c
2009-12-14 12:51:41 +11:00
compat.c
x86, fs: Fix x86 procfs stack information for threads on 64-bit
2009-11-04 13:25:03 +01:00
dcache.c
sched: Pull up the might_sleep() check into cond_resched()
2009-07-18 15:51:44 +02:00
dcookies.c
[CVE-2009-0029] System call wrapper special cases
2009-01-14 14:15:18 +01:00
direct-io.c
Fix regression in direct writes performance due to WRITE_ODIRECT flag removal
2009-11-26 09:46:46 +01:00
drop_caches.c
sysctl: remove "struct file *" argument of ->proc_handler
2009-09-24 07:21:04 -07:00
eventfd.c
anonfd: split interface into file creation and install
2009-09-23 07:39:29 -07:00
eventpoll.c
sysctl: Drop & in front of every proc_handler.
2009-11-18 08:37:40 -08:00
exec.c
Merge branch 'master' into next
2009-12-03 12:03:40 +05:30
fcntl.c
fcntl: rename F_OWNER_GID to F_OWNER_PGRP
2009-11-17 17:40:33 -08:00
fifo.c
file_table.c
LSM: imbed ima calls in the security hooks
2009-10-25 12:22:48 +08:00
file.c
headers: remove sched.h from interrupt.h
2009-10-11 11:20:58 -07:00
filesystems.c
fs: Mark get_filesystem_list() as __init function.
2009-04-20 23:02:52 -04:00
fs_struct.c
Get rid of indirect include of fs_struct.h
2009-03-31 23:00:27 -04:00
fs-writeback.c
writeback: remove unused nonblocking and congestion checks
2009-12-03 13:54:25 +01:00
generic_acl.c
New helper - current_umask()
2009-03-31 23:00:26 -04:00
inode.c
LSM: imbed ima calls in the security hooks
2009-10-25 12:22:48 +08:00
internal.h
fs: fix overflow in sys_mount() for in-kernel calls
2009-09-24 08:40:15 -04:00
ioctl.c
__generic_block_fiemap(): fix for files bigger than 4GB
2009-11-12 07:26:01 -08:00
ioprio.c
[CVE-2009-0029] System call wrappers part 28
2009-01-14 14:15:30 +01:00
Kconfig
powerpc: Cleanup Kconfig selection of hugetlbfs support
2009-10-30 15:03:54 +11:00
Kconfig.binfmt
CORE_DUMP_DEFAULT_ELF_HEADERS depends on ELF_CORE
2009-01-09 16:54:41 -08:00
libfs.c
libfs: return error code on failed attr set
2009-09-24 07:47:30 -04:00
locks.c
const: make lock_manager_operations const
2009-09-22 07:17:25 -07:00
Makefile
nilfs2: update makefile and Kconfig
2009-04-07 08:31:16 -07:00
mbcache.c
mpage.c
ext4: Properly initialize the buffer_head state
2009-05-13 15:13:42 -04:00
namei.c
Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs-2.6
2009-12-11 15:31:13 -08:00
namespace.c
LSM: Pass original mount flags to security_sb_mount().
2009-10-12 10:56:03 +11:00
nfsctl.c
[CVE-2009-0029] System call wrappers part 27
2009-01-14 14:15:29 +01:00
no-block.c
open.c
LSM: Move security_path_chmod()/security_path_chown() to after mutex_lock().
2009-11-24 08:49:26 +11:00
pipe.c
fs: pipe.c null pointer dereference
2009-10-22 08:11:44 +09:00
pnode.c
pnode.h
posix_acl.c
CRED: Wrap task credential accesses in the filesystem subsystem
2008-11-14 10:39:05 +11:00
read_write.c
sendfile(): check f_op.splice_write() rather than f_op.sendpage()
2009-11-04 09:09:52 +01:00
read_write.h
readdir.c
[CVE-2009-0029] System call wrappers part 32
2009-01-14 14:15:31 +01:00
select.c
headers: remove sched.h from poll.h
2009-10-04 15:05:10 -07:00
seq_file.c
vfs: seq_file: add helpers for data filling
2009-09-24 07:47:35 -04:00
signalfd.c
[CVE-2009-0029] System call wrappers part 31
2009-01-14 14:15:31 +01:00
splice.c
sendfile(): check f_op.splice_write() rather than f_op.sendpage()
2009-11-04 09:09:52 +01:00
stack.c
stat.c
kill vfs_stat_fd / vfs_lstat_fd
2009-04-20 23:02:52 -04:00
super.c
freeze_bdev: grab active reference to frozen superblocks
2009-09-24 07:47:41 -04:00
sync.c
kill wait_on_page_writeback_range
2009-12-10 15:02:50 +01:00
timerfd.c
timerfd: add flags check
2009-02-18 15:37:53 -08:00
utimes.c
[CVE-2009-0029] System call wrappers part 30
2009-01-14 14:15:30 +01:00
xattr_acl.c
VFS: Use GFP_NOFS in posix_acl_from_xattr()
2009-12-03 11:48:07 +00:00
xattr.c
VFS: Factor out part of vfs_setxattr so it can be called from the SELinux hook for inode_setsecctx.
2009-09-10 10:11:22 +10:00