Commit 6762b938 authored Oct 30, 2010 by Kulikov Vasiliy Committed by Alex Elder Nov 10, 2010

xfs: xfs_ioctl: fix information leak to userland

al_hreq is copied from userland. If al_hreq.buflen is not properly aligned
then xfs_attr_list will ignore the last bytes of kbuf. These bytes are
unitialized. It leads to leaking of contents of kernel stack memory.

Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Signed-off-by: Alex Elder <aelder@sgi.com>

parent 5d0af85c

fs/xfs/linux-2.6/xfs_ioctl.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -416,7 +416,7 @@ xfs_attrlist_by_handle(
		if (IS_ERR(dentry))
		return PTR_ERR(dentry);

		kbuf = kmalloc(al_hreq.buflen, GFP_KERNEL);
		kbuf = kzalloc(al_hreq.buflen, GFP_KERNEL);
		if (!kbuf)
		goto out_dput;