[Lucid CVE-2012-6548] udf: avoid info leak on export
Luis Henriques
luis.henriques at canonical.com
Tue Mar 26 17:19:38 UTC 2013
From: Mathias Krause <minipli at googlemail.com>
CVE-2012-6548
BugLink: http://bugs.launchpad.net/bugs/1156768
For type 0x51 the udf.parent_partref member in struct fid gets copied
uninitialized to userland. Fix this by initializing it to 0.
Signed-off-by: Mathias Krause <minipli at googlemail.com>
Signed-off-by: Jan Kara <jack at suse.cz>
(cherry picked from commit 0143fc5e9f6f5aad4764801015bc8d4b4a278200)
Signed-off-by: Luis Henriques <luis.henriques at canonical.com>
---
fs/udf/namei.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/fs/udf/namei.c b/fs/udf/namei.c
index 21dad8c..b754151 100644
--- a/fs/udf/namei.c
+++ b/fs/udf/namei.c
@@ -1331,6 +1331,7 @@ static int udf_encode_fh(struct dentry *de, __u32 *fh, int *lenp,
*lenp = 3;
fid->udf.block = location.logicalBlockNum;
fid->udf.partref = location.partitionReferenceNum;
+ fid->udf.parent_partref = 0;
fid->udf.generation = inode->i_generation;
if (connectable && !S_ISDIR(inode->i_mode)) {
--
1.8.1.2
More information about the kernel-team
mailing list