projects / GitHub / LineageOS / G12 / android_kernel_amlogic_linux-4.9.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 064d9e9) | patch
reiserfs: fix buffer overflow with long warning messages
authorEric Biggers <ebiggers@google.com>
Fri, 13 Jul 2018 23:59:27 +0000 (16:59 -0700)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sun, 22 Jul 2018 12:27:39 +0000 (14:27 +0200)
commitec5e52a881fe7df745a45262e486f73fc6bd6b88
tree7d02710ba281556777209ea0194c06c83b57fe72tree | snapshot (tar.gz zip)
parent064d9e9744728d0c10ef5e22e955e8886f3dfccacommit | diff
reiserfs: fix buffer overflow with long warning messages

commit fe10e398e860955bac4d28ec031b701d358465e4 upstream.

ReiserFS prepares log messages into a 1024-byte buffer with no bounds
checks.  Long messages, such as the "unknown mount option" warning when
userspace passes a crafted mount options string, overflow this buffer.
This causes KASAN to report a global-out-of-bounds write.

Fix it by truncating messages to the buffer size.

Link: http://lkml.kernel.org/r/20180707203621.30922-1-ebiggers3@gmail.com
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Reported-by: syzbot+b890b3335a4d8c608963@syzkaller.appspotmail.com
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
fs/reiserfs/prints.c diff | blob | blame | history