author | Ian Kent <raven@themaw.net> | 2022-09-20 15:26:23 +0800 |
---|---|---|
committer | Andrew Morton <akpm@linux-foundation.org> | 2022-10-25 21:11:18 -0700 |
commit | ff562437f8cb054f056534ad8e384be69e1d6a69 (patch) | |
tree | 0e70c659225be93c1a78c4618c368bd6e3d2c39f | |
parent | b6fc0c0fd4a1ee44d0ef0656a593268d7438b796 (diff) | |
ext4: fix possible null pointer dereference

Patch series "vfs: fix a mount table handling problem", v3.

Whenever a mount has an empty "source" (aka mnt_fsname), the glibc
function getmntent incorrectly parses its input, resulting in reporting
incorrect data to the caller.

The problem is that the get_mnt_entry() function in glibc's
misc/mntent_r.c assumes that leading whitespace on a line can always be
discarded because it will always be followed by a # for the case of a
comment or a non-whitespace character that's part of the value of the
first field. However, this assumption is violated when the value of the
first field is an empty string.

This is fixed in the mount API code by simply checking for a pointer that
contains a NULL and treating it as a NULL pointer.

This patch (of 2):

It could be the case that the file system parameter ->string value is NULL
rather than a zero length string.

Guard against this possibility in ext4_parse_param().

Link: https://lkml.kernel.org/r/166365872189.39016.10771273319597352356.stgit@donald.themaw.net
Link: https://lkml.kernel.org/r/166365878336.39016.10934709128005232231.stgit@donald.themaw.net
Signed-off-by: Ian Kent <raven@themaw.net>
Reported-by: kernel test robot <oliver.sang@intel.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Carlos Maiolino <cmaiolino@redhat.com>
Cc: David Howells <dhowells@redhat.com>
Cc: Miklos Szeredi <miklos@szeredi.hu>
Cc: Siddhesh Poyarekar <siddhesh@gotplt.org>
Cc: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
-rw-r--r-- | fs/ext4/super.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/fs/ext4/super.c b/fs/ext4/super.c index 989365b878a6..7a57dadfe256 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -2099,12 +2099,12 @@ static int ext4_parse_param(struct fs_context *fc, struct fs_parameter *param) switch (token) { #ifdef CONFIG_QUOTA case Opt_usrjquota: - if (!*param->string) + if (!param->string || !*param->string) return unnote_qf_name(fc, USRQUOTA); else return note_qf_name(fc, USRQUOTA, param); case Opt_grpjquota: - if (!*param->string) + if (!param->string || !*param->string) return unnote_qf_name(fc, GRPQUOTA); else return note_qf_name(fc, GRPQUOTA, param); |
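
Review bot: In both the Opt_usrjquota and Opt_grpjquota cases a NULL param->string now takes the unnote_qf_name() path, the same as an empty string, but nothing at the check says when ->string can be NULL or that clearing the quota file name is the intended outcome for that input; the commit message only says it "could be the case". A one-line comment above the first `if (!param->string || !*param->string)` would record that. The same two-part test is open-coded twice, so a small helper would keep the usrjquota and grpjquota cases from drifting apart, and the `else` after each `return` is redundant. Only these two cases are touched here, so it is worth confirming that no other case in ext4_parse_param(), and nothing reached through note_qf_name(), dereferences param->string without the same guard.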