diff options
| author | Amerigo Wang <[email protected]> | 2009-12-14 17:57:37 -0800 |
|---|---|---|
| committer | Linus Torvalds <[email protected]> | 2009-12-15 08:53:10 -0800 |
| commit | ec81aecb29668ad71f699f4e7b96ec46691895b6 (patch) | |
| tree | 0a66a8fb41689955e3400cba7fc7419f4183dec5 /tools/perf/scripts/python | |
| parent | 4b731d50ff3df6b9141a6c12b088e8eb0109e83c (diff) | |
hfs: fix a potential buffer overflow
A specially-crafted Hierarchical File System (HFS) filesystem could cause
a buffer overflow to occur in a process's kernel stack during a memcpy()
call within the hfs_bnode_read() function (at fs/hfs/bnode.c:24). The
attacker can provide the source buffer and length, and the destination
buffer is a local variable of a fixed length. This local variable (passed
as "&entry" from fs/hfs/dir.c:112 and allocated on line 60) is stored in
the stack frame of hfs_bnode_read()'s caller, which is hfs_readdir().
Because the hfs_readdir() function executes upon any attempt to read a
directory on the filesystem, it gets called whenever a user attempts to
inspect any filesystem contents.
[[email protected]: modify this patch and fix coding style problems]
Signed-off-by: WANG Cong <[email protected]>
Cc: Eugene Teo <[email protected]>
Cc: Roman Zippel <[email protected]>
Cc: Al Viro <[email protected]>
Cc: Christoph Hellwig <[email protected]>
Cc: Alexey Dobriyan <[email protected]>
Cc: Dave Anderson <[email protected]>
Cc: <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Diffstat (limited to 'tools/perf/scripts/python')
0 files changed, 0 insertions, 0 deletions