mirrors/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2025-11-04 02:30:34 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

[PATCH] name_count array overrun

Browse source 
Hi,

This patch removes the rdev logging from the previous patch

The below patch closes an unbounded use of name_count. This can lead to oopses
in some new file systems.

Signed-off-by: Steve Grubb <sgrubb@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
This commit is contained in:
Steve Grubb 2006-09-28 14:31:32 -04:00 committed by Al Viro
parent 419c58f11f
commit ac9910ce01
1 changed files with 17 additions and 2 deletions
repo.diff.show_diff_stats Download patch file Download diff file Expand all files Collapse all files

19
kernel/auditsc.c
View file

@ -1357,7 +1357,13 @@ void __audit_inode_child(const char *dname, const struct inode *inode,
} }
update_context: update_context:
idx = context->name_count++; idx = context->name_count;
if (context->name_count == AUDIT_NAMES) {
printk(KERN_DEBUG "name_count maxed and losing %s\n",
found_name ?: "(null)");
return;
}
context->name_count++;
#if AUDIT_DEBUG #if AUDIT_DEBUG
context->ino_count++; context->ino_count++;
#endif #endif
@ -1375,7 +1381,16 @@ void __audit_inode_child(const char *dname, const struct inode *inode,
/* A parent was not found in audit_names, so copy the inode data for the /* A parent was not found in audit_names, so copy the inode data for the
* provided parent. */ * provided parent. */
if (!found_name) { if (!found_name) {
idx = context->name_count++; idx = context->name_count;
if (context->name_count == AUDIT_NAMES) {
printk(KERN_DEBUG
"name_count maxed and losing parent inode data: dev=%02x:%02x, inode=%lu",
MAJOR(parent->i_sb->s_dev),
MINOR(parent->i_sb->s_dev),
parent->i_ino);
return;
}
context->name_count++;
#if AUDIT_DEBUG #if AUDIT_DEBUG
context->ino_count++; context->ino_count++;
#endif #endif