linux-stable/usr
Kees Cook dbd3462bbd gen_init_cpio: avoid stack overflow when expanding
commit 20f1de659b upstream.

Fix possible overflow of the buffer used for expanding environment
variables when building file list.

In the extremely unlikely case of an attacker having control over the
environment variables visible to gen_init_cpio, control over the
contents of the file gen_init_cpio parses, and gen_init_cpio was built
without compiler hardening, the attacker can gain arbitrary execution
control via a stack buffer overflow.

  $ cat usr/crash.list
  file foo ${BIG}${BIG}${BIG}${BIG}${BIG}${BIG} 0755 0 0
  $ BIG=$(perl -e 'print "A" x 4096;') ./usr/gen_init_cpio usr/crash.list
  *** buffer overflow detected ***: ./usr/gen_init_cpio terminated

This also replaces the space-indenting with tabs.

Patch based on existing fix extracted from grsecurity.

Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Michal Marek <mmarek@suse.cz>
Cc: Brad Spengler <spender@grsecurity.net>
Cc: PaX Team <pageexec@freemail.hu>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Willy Tarreau <w@1wt.eu>
2013-06-10 11:42:14 +02:00
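A bounds-checked way to expand `${NAME}` references, added here as an example; it is not the kernel's gen_init_cpio code or the patch this commit applied. `append`, `expand_env` and `expand_crash_line` are hypothetical names, the 4097-byte output buffer in `main` is an assumed size, and the input is the crash.list line from the commit message with a constructed 4096-byte `BIG`.

```c
#define _POSIX_C_SOURCE 200809L	/* setenv() */
#include <stdlib.h>
#include <string.h>
/* Append n bytes of src at out[*pos]; refuse rather than write past outsz. */
static int append(char *out, size_t outsz, size_t *pos, const char *src, size_t n)
{
	if (n >= outsz - *pos)		/* keeps one byte for the NUL */
		return -1;
	memcpy(out + *pos, src, n);
	*pos += n;
	out[*pos] = '\0';
	return 0;
}

/* Expand each ${NAME} in `in`; 0 on success (out valid), -1 if it does not fit. */
int expand_env(const char *in, char *out, size_t outsz)
{
	const char *start, *end, *val;
	char name[128];
	size_t pos = 0, nlen;
	while ((start = strstr(in, "${")) && (end = strchr(start + 2, '}'))) {
		nlen = (size_t)(end - start) - 2;
		if (nlen >= sizeof(name))
			return -1;
		memcpy(name, start + 2, nlen);
		name[nlen] = '\0';
		val = getenv(name);		/* unset variables expand to "" */
		if (append(out, outsz, &pos, in, (size_t)(start - in)) ||
		    append(out, outsz, &pos, val ? val : "", val ? strlen(val) : 0))
			return -1;
		in = end + 1;
	}
	return append(out, outsz, &pos, in, strlen(in));
}

/* Constructed input: the crash.list line from the commit message, BIG = 4096 'A's. */
int expand_crash_line(char *out, size_t outsz)
{
	static char big[4097];
	memset(big, 'A', sizeof(big) - 1);
	setenv("BIG", big, 1);
	return expand_env("file foo ${BIG}${BIG}${BIG}${BIG}${BIG}${BIG} 0755 0 0", out, outsz);
}

int main(void)
{
	char out[4097];
	return expand_crash_line(out, sizeof(out)) == -1 ? 0 : 1;
}
```

Every write goes through `append`, so an oversized expansion is reported to the caller as an error instead of being copied past the end of the stack buffer.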
.gitignore gitignore usr/initramfs_data.cpio.bz2 and usr/initramfs_data.cpio.lzma 2009-09-20 12:27:42 +02:00
gen_init_cpio.c gen_init_cpio: avoid stack overflow when expanding 2013-06-10 11:42:14 +02:00
initramfs_data.bz2.S bzip2/lzma: fix built-in initramfs vs CONFIG_RD_GZIP 2009-01-07 00:10:27 -08:00
initramfs_data.gz.S bzip2/lzma: fix built-in initramfs vs CONFIG_RD_GZIP 2009-01-07 00:10:27 -08:00
initramfs_data.lzma.S bzip2/lzma: fix built-in initramfs vs CONFIG_RD_GZIP 2009-01-07 00:10:27 -08:00
initramfs_data.S bzip2/lzma: fix built-in initramfs vs CONFIG_RD_GZIP 2009-01-07 00:10:27 -08:00
Kconfig bzip2/lzma: quiet Kconfig warning for INITRAMFS_COMPRESSION_NONE 2009-03-31 23:51:56 -07:00
Makefile kbuild: correct initramfs compression comment 2009-09-20 12:27:41 +02:00