Patchwork [3.5.y.z,extended,stable] Patch "ext3: Fix format string issues" has been added to staging queue

login
register
mail settings
Submitter Luis Henriques
Date March 19, 2013, 12:22 p.m.
Message ID <1363695752-7754-1-git-send-email-luis.henriques@canonical.com>
Download mbox | patch
Permalink /patch/229028/
State New
Headers show

Comments

Luis Henriques - March 19, 2013, 12:22 p.m.
This is a note to let you know that I have just added a patch titled

    ext3: Fix format string issues

to the linux-3.5.y-queue branch of the 3.5.y.z extended stable tree 
which can be found at:

 http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.5.y-queue

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.5.y.z tree, see
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable

Thanks.
-Luis

------

From 7c1a152de85d791d3a88350eb19ab4f892d0acea Mon Sep 17 00:00:00 2001
From: Lars-Peter Clausen <lars@metafoo.de>
Date: Sat, 9 Mar 2013 15:28:44 +0100
Subject: [PATCH] ext3: Fix format string issues

commit 8d0c2d10dd72c5292eda7a06231056a4c972e4cc upstream.

ext3_msg() takes the printk prefix as the second parameter and the
format string as the third parameter. Two callers of ext3_msg omit the
prefix and pass the format string as the second parameter and the first
parameter to the format string as the third parameter. In both cases
this string comes from an arbitrary source. Which means the string may
contain format string characters, which will
lead to undefined and potentially harmful behavior.

The issue was introduced in commit 4cf46b67eb("ext3: Unify log messages
in ext3") and is fixed by this patch.

Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
Signed-off-by: Jan Kara <jack@suse.cz>
Luis Henriques <luis.henriques@canonical.com>
---
 fs/ext3/super.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--
1.8.1.2

Patch

diff --git a/fs/ext3/super.c b/fs/ext3/super.c
index 8c3a44b..4da6c46 100644
--- a/fs/ext3/super.c
+++ b/fs/ext3/super.c
@@ -364,7 +364,7 @@  static struct block_device *ext3_blkdev_get(dev_t dev, struct super_block *sb)
 	return bdev;

 fail:
-	ext3_msg(sb, "error: failed to open journal device %s: %ld",
+	ext3_msg(sb, KERN_ERR, "error: failed to open journal device %s: %ld",
 		__bdevname(dev, b), PTR_ERR(bdev));

 	return NULL;
@@ -893,7 +893,7 @@  static ext3_fsblk_t get_sb_block(void **data, struct super_block *sb)
 	/*todo: use simple_strtoll with >32bit ext3 */
 	sb_block = simple_strtoul(options, &options, 0);
 	if (*options && *options != ',') {
-		ext3_msg(sb, "error: invalid sb specification: %s",
+		ext3_msg(sb, KERN_ERR, "error: invalid sb specification: %s",
 		       (char *) *data);
 		return 1;
 	}