[PATCH] Suspected information leak (mem pages) in ext2
I think I have discovered a potential security problem in ext2: when a new directory is created, the ext2 block written to disk is not initialized. Included is a proposed patch for Linux 2.6 (ext2_make_empty() function): CAN-2005-0400 is assigned to this issue. Signed-off-by: Chris Wright <chrisw@osdl.org>
This commit is contained in:
parent
ff8b1b95f7
commit
719f9e713a
|
@ -592,6 +592,7 @@ int ext2_make_empty(struct inode *inode, struct inode *parent)
|
|||
goto fail;
|
||||
}
|
||||
kaddr = kmap_atomic(page, KM_USER0);
|
||||
memset(kaddr, 0, chunk_size);
|
||||
de = (struct ext2_dir_entry_2 *)kaddr;
|
||||
de->name_len = 1;
|
||||
de->rec_len = cpu_to_le16(EXT2_DIR_REC_LEN(1));
|
||||
|
|
Loading…
Reference in New Issue