Commit 321bcf92 authored Oct 21, 2007 by J. Bruce Fields Committed by Linus Torvalds Oct 22, 2007

dcache: don't expose uninitialized memory in /proc/<pid>/fd/<fd>



Well, it's not especially important that target->d_iname get the contents
of dentry->d_iname, but it's important that it get initialized with
*something*, otherwise we're just exposing some random piece of memory to
anyone who reads the link at /proc/<pid>/fd/<fd> for the deleted file, when
it's still held open by someone.

I've run a test program that copies a short (<36 character) name ontop of a
long (>=36 character) name and see that the first time I run it, without
this patch, I get unpredicatable results out of /proc/<pid>/fd/<fd>.

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

parent b68680e4

fs/dcache.c

+2 −0

Original line number	Diff line number	Diff line
		@@ -1479,6 +1479,8 @@ static void switch_names(struct dentry dentry, struct dentry target)
		* dentry:internal, target:external. Steal target's
		* storage and make target internal.
		*/
		memcpy(target->d_iname, dentry->d_name.name,
		dentry->d_name.len + 1);
		dentry->d_name.name = target->d_name.name;
		target->d_name.name = target->d_iname;
		}

Admin message