interesting....
Archan
-------- Original Message --------
Subject: Re: [reiserfs-list] major security bug in reiserfs (may affect
SuSE Linux)
Date: Thu, 11 Jan 2001 14:05:56 +0300
From: Hans Reiser <[EMAIL PROTECTED]>
Organization: Namesys
To: Chris Mason <[EMAIL PROTECTED]>
CC: Marc Lehmann <[EMAIL PROTECTED]>,
[EMAIL PROTECTED],[EMAIL PROTECTED],
[EMAIL PROTECTED]
References: <85470000.979094446@tiny>
Chris Mason wrote:
>
> On Wednesday, January 10, 2001 02:32:09 AM +0100 Marc Lehmann <[EMAIL PROTECTED]> wrote:
> >>> EIP; c013f911 <filldir+20b/221> <=====
> > Trace; c013f706 <filldir+0/221>
> > Trace; c0136e01 <reiserfs_getblk+2a/16d>
> >
>
> Here is a patch against our 2.4 code (3.6.25) that does the
> same as the patch posted for 3.5.29:
>
> -chris
>
> --- linux/include/linux/reiserfs_fs.h.1 Tue Jan 9 21:22:27 2001
> +++ linux/include/linux/reiserfs_fs.h Tue Jan 9 21:22:55 2001
> @@ -926,8 +926,7 @@
> //((block_size - BLKH_SIZE - IH_SIZE - DEH_SIZE * 2) / 2)
>
> // two entries per block (at least)
> -#define REISERFS_MAX_NAME_LEN(block_size) \
> -((block_size - BLKH_SIZE - IH_SIZE - DEH_SIZE))
> +#define REISERFS_MAX_NAME_LEN(block_size) 255
>
>
>
> --- linux/fs/reiserfs/dir.c.1 Tue Jan 9 21:22:19 2001
> +++ linux/fs/reiserfs/dir.c Tue Jan 9 21:21:02 2001
> @@ -142,6 +142,10 @@
> if (!d_name[d_reclen - 1])
> d_reclen = strlen (d_name);
>
> + if (d_reclen > REISERFS_MAX_NAME_LEN(inode->i_sb->s_blocksize)){
> + /* too big to send back to VFS */
> + continue ;
> + }
> d_off = deh_offset (deh);
> filp->f_pos = d_off ;
> d_ino = deh_objectid (deh);
I think that in the short term, so as to make it easier to merge us into
2.4, it is reasonable to
restrict us to small names, so go ahead and merge this code into cvs if
not done already.
Hans
----------------------------------------------
The mailing list archives are available at
http://lists.linux-india.org/cgi-bin/wilma/LIH
