Commit ac9910ce authored by Steve Grubb's avatar Steve Grubb Committed by Al Viro

[PATCH] name_count array overrun



Hi,

This patch removes the rdev logging from the previous patch.

The patch below closes an unbounded use of name_count, which can lead to oopses
in some new file systems.

Signed-off-by: default avatarSteve Grubb <sgrubb@redhat.com>
Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
parent 419c58f1
+17 −2
@@ -1357,7 +1357,13 @@ void __audit_inode_child(const char *dname, const struct inode *inode,
		}

update_context:
	idx = context->name_count++;
	idx = context->name_count;
	if (context->name_count == AUDIT_NAMES) {
		printk(KERN_DEBUG "name_count maxed and losing %s\n",
			found_name ?: "(null)");
		return;
	}
	context->name_count++;
#if AUDIT_DEBUG
	context->ino_count++;
#endif
@@ -1375,7 +1381,16 @@ update_context:
	/* A parent was not found in audit_names, so copy the inode data for the
	 * provided parent. */
	if (!found_name) {
		idx = context->name_count++;
		idx = context->name_count;
		if (context->name_count == AUDIT_NAMES) {
			printk(KERN_DEBUG
				"name_count maxed and losing parent inode data: dev=%02x:%02x, inode=%lu",
				MAJOR(parent->i_sb->s_dev),
				MINOR(parent->i_sb->s_dev),
				parent->i_ino);
			return;
		}
		context->name_count++;
#if AUDIT_DEBUG
		context->ino_count++;
#endif
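Review bot: The printk in the parent-inode branch (under `if (!found_name)`) has no trailing newline in its format string, unlike the one after `update_context:`, so the message can run into the next kernel log entry; end it with `inode=%lu\n"`. Both guards test `context->name_count == AUDIT_NAMES`; writing `if (context->name_count >= AUDIT_NAMES)` would still hold if an increment site not visible in these hunks ever pushed the counter past the limit. Each early return leaves the audit record for the syscall incomplete, and in the second hunk the child slot has already been taken when the parent is dropped, yet the only trace is a KERN_DEBUG message that many systems never surface. A rate-limited message at a higher log level would make lost audit data visible without letting repeated overflows fill the log. The body of `__audit_inode_child` starts and ends outside both hunks.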