[Lucid,CVE-2012-6548] udf: avoid info leak on export

Submitted by Luis Henriques on March 26, 2013, 5:19 p.m.

Details

Message ID 1364318378-17174-1-git-send-email-luis.henriques@canonical.com
State New
Headers show

Commit Message

Luis Henriques March 26, 2013, 5:19 p.m. 
From: Mathias Krause <minipli@googlemail.com>

CVE-2012-6548

BugLink: http://bugs.launchpad.net/bugs/1156768

For type 0x51 the udf.parent_partref member in struct fid gets copied
uninitialized to userland. Fix this by initializing it to 0.

Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
(cherry picked from commit 0143fc5e9f6f5aad4764801015bc8d4b4a278200)

Signed-off-by: Luis Henriques <luis.henriques@canonical.com>
---
 fs/udf/namei.c | 1 +
 1 file changed, 1 insertion(+)

Comments

Tim Gardner March 26, 2013, 5:42 p.m.

Patch hide | download patch | download mbox 

diff --git a/fs/udf/namei.c b/fs/udf/namei.c
index 21dad8c..b754151 100644
--- a/fs/udf/namei.c
+++ b/fs/udf/namei.c
@@ -1331,6 +1331,7 @@  static int udf_encode_fh(struct dentry *de, __u32 *fh, int *lenp,
 	*lenp = 3;
 	fid->udf.block = location.logicalBlockNum;
 	fid->udf.partref = location.partitionReferenceNum;
+	fid->udf.parent_partref = 0;
 	fid->udf.generation = inode->i_generation;
 
 	if (connectable && !S_ISDIR(inode->i_mode)) {