drop oboslete ocfs2 patch
now upstreamed in a slightly different way Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
This commit is contained in:
Thomas Lamprecht
parent
92e753f360
commit
fda70d3865
@ -1,68 +0,0 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Valentin Vidic <vvidic@valentin-vidic.from.hr>
|
||||
Date: Mon, 27 Sep 2021 17:44:59 +0200
|
||||
Subject: [PATCH] ocfs2: mount fails with buffer overflow in strlen
|
||||
|
||||
Starting with kernel v5.11 mouting an ocfs2 filesystem with either o2cb
|
||||
or pcmk cluster stack fails with the trace below. Problem seems to be
|
||||
that strings for cluster stack and cluster name are not guaranteed to be
|
||||
null terminated in the disk representation, while strlcpy assumes that
|
||||
the source string is always null terminated. This causes a read outside
|
||||
of the source string triggering the buffer overflow detection.
|
||||
|
||||
detected buffer overflow in strlen
|
||||
------------[ cut here ]------------
|
||||
kernel BUG at lib/string.c:1149!
|
||||
invalid opcode: 0000 [#1] SMP PTI
|
||||
CPU: 1 PID: 910 Comm: mount.ocfs2 Not tainted 5.14.0-1-amd64 #1
|
||||
Debian 5.14.6-2
|
||||
RIP: 0010:fortify_panic+0xf/0x11
|
||||
...
|
||||
Call Trace:
|
||||
ocfs2_initialize_super.isra.0.cold+0xc/0x18 [ocfs2]
|
||||
ocfs2_fill_super+0x359/0x19b0 [ocfs2]
|
||||
mount_bdev+0x185/0x1b0
|
||||
? ocfs2_remount+0x440/0x440 [ocfs2]
|
||||
legacy_get_tree+0x27/0x40
|
||||
vfs_get_tree+0x25/0xb0
|
||||
path_mount+0x454/0xa20
|
||||
__x64_sys_mount+0x103/0x140
|
||||
do_syscall_64+0x3b/0xc0
|
||||
entry_SYSCALL_64_after_hwframe+0x44/0xae
|
||||
|
||||
Signed-off-by: Valentin Vidic <vvidic@valentin-vidic.from.hr>
|
||||
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
|
||||
---
|
||||
fs/ocfs2/super.c | 10 ++++++----
|
||||
1 file changed, 6 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/fs/ocfs2/super.c b/fs/ocfs2/super.c
|
||||
index c86bd4e60e20..1dea535224df 100644
|
||||
--- a/fs/ocfs2/super.c
|
||||
+++ b/fs/ocfs2/super.c
|
||||
@@ -2169,9 +2169,10 @@ static int ocfs2_initialize_super(struct super_block *sb,
|
||||
if (ocfs2_clusterinfo_valid(osb)) {
|
||||
osb->osb_stackflags =
|
||||
OCFS2_RAW_SB(di)->s_cluster_info.ci_stackflags;
|
||||
- strlcpy(osb->osb_cluster_stack,
|
||||
+ memcpy(osb->osb_cluster_stack,
|
||||
OCFS2_RAW_SB(di)->s_cluster_info.ci_stack,
|
||||
- OCFS2_STACK_LABEL_LEN + 1);
|
||||
+ OCFS2_STACK_LABEL_LEN);
|
||||
+ osb->osb_cluster_stack[OCFS2_STACK_LABEL_LEN] = '\0';
|
||||
if (strlen(osb->osb_cluster_stack) != OCFS2_STACK_LABEL_LEN) {
|
||||
mlog(ML_ERROR,
|
||||
"couldn't mount because of an invalid "
|
||||
@@ -2180,9 +2181,10 @@ static int ocfs2_initialize_super(struct super_block *sb,
|
||||
status = -EINVAL;
|
||||
goto bail;
|
||||
}
|
||||
- strlcpy(osb->osb_cluster_name,
|
||||
+ memcpy(osb->osb_cluster_name,
|
||||
OCFS2_RAW_SB(di)->s_cluster_info.ci_cluster,
|
||||
- OCFS2_CLUSTER_NAME_LEN + 1);
|
||||
+ OCFS2_CLUSTER_NAME_LEN);
|
||||
+ osb->osb_cluster_name[OCFS2_CLUSTER_NAME_LEN] = '\0';
|
||||
} else {
|
||||
/* The empty string is identical with classic tools that
|
||||
* don't know about s_cluster_info. */
|
||||
Loading…
Reference in New Issue
Block a user