thr3ads.net - Btrfs devel - [PATCH] Btrfs: Don''t trust the superblock label and simply printk("%s") it [Nov 2012]

If this information is useful, please help other people find it:
Share via:

Stefan Behrens

2012-Nov-05 13:10 UTC

[PATCH] Btrfs: Don''t trust the superblock label and simply printk("%s") it

Someone who is root or capable(CAP_SYS_ADMIN) could corrupt the
superblock and make Btrfs printk("%s") crash while holding the
uuid_mutex since nobody forces a limit on the string. Since the
uuid_mutex is significant, the system would be unusable
afterwards.

Signed-off-by: Stefan Behrens <sbehrens@giantdisaster.de>
---
 fs/btrfs/volumes.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c
index eeed97d..a429cc6 100644
--- a/fs/btrfs/volumes.c
+++ b/fs/btrfs/volumes.c
@@ -764,10 +764,13 @@ int btrfs_scan_one_device(const char *path, fmode_t flags,
void *holder,
 	devid = btrfs_stack_device_id(&disk_super->dev_item);
 	transid = btrfs_super_generation(disk_super);
 	total_devices = btrfs_super_num_devices(disk_super);
-	if (disk_super->label[0])
+	if (disk_super->label[0]) {
+		if (disk_super->label[BTRFS_LABEL_SIZE - 1])
+			disk_super->label[BTRFS_LABEL_SIZE - 1] = ''\0'';
 		printk(KERN_INFO "device label %s ", disk_super->label);
-	else
+	} else {
 		printk(KERN_INFO "device fsid %pU ", disk_super->fsid);
+	}
 	printk(KERN_CONT "devid %llu transid %llu %s\n",
 	       (unsigned long long)devid, (unsigned long long)transid, path);
 	ret = device_list_add(path, disk_super, devid, fs_devices_ret);
-- 
1.8.0

--
To unsubscribe from this list: send the line "unsubscribe linux-btrfs"
in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

David Sterba

2012-Nov-05 15:28 UTC

head link

Re: [PATCH] Btrfs: Don''t trust the superblock label and simply printk("%s") it

On Mon, Nov 05, 2012 at 02:10:49PM +0100, Stefan Behrens
wrote:> --- a/fs/btrfs/volumes.c
> +++ b/fs/btrfs/volumes.c
> @@ -764,10 +764,13 @@ int btrfs_scan_one_device(const char *path, fmode_t
flags, void *holder,
>  	devid = btrfs_stack_device_id(&disk_super->dev_item);
>  	transid = btrfs_super_generation(disk_super);
>  	total_devices = btrfs_super_num_devices(disk_super);
> -	if (disk_super->label[0])
> +	if (disk_super->label[0]) {
> +		if (disk_super->label[BTRFS_LABEL_SIZE - 1])
> +			disk_super->label[BTRFS_LABEL_SIZE - 1] = ''\0'';
The label set via ''btrfs fi label'' will also set the last-1
byte to 0,
so this keeps it as expected, although it is silent.

thanks,
Reviewed-by: David Sterba <dsterba@suse.cz>

--
To unsubscribe from this list: send the line "unsubscribe linux-btrfs"
in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Btrfs devel - Nov 2012 - [PATCH] Btrfs: Don't trust the superblock label and simply printk("%s") it

[PATCH] Btrfs: Don''t trust the superblock label and simply printk("%s") it

Re: [PATCH] Btrfs: Don''t trust the superblock label and simply printk("%s") it