From: Richard Weinberger
To: tytso@mit.edu
Cc: adilger.kernel@dilger.ca, linux-ext4@vger.kernel.org, linux-kernel@vger.kernel.org, Richard Weinberger
Subject: [PATCH] ext4: Don't leak old mountpoint samples
Date: Tue, 1 Dec 2020 16:13:01 +0100
Message-Id: <20201201151301.22025-1-richard@nod.at>
Content-Transfer-Encoding: quoted-printable
X-Mailing-List: linux-kernel@vger.kernel.org

As soon as the first file is opened, ext4 samples the mountpoint of the filesystem in 64 bytes of the super block. It does so using strlcpy(); this means that the remaining bytes in the super block string buffer are untouched. If the mount point before had a longer path than the current one, it can be reconstructed.

Consider the case where the fs was mounted to "/media/johnjdeveloper" and later to "/". The super block buffer then contains "/\x00edia/johnjdeveloper". This case was seen in the wild and caused confusion about how the name of a developer ends up on the super block of a filesystem used in production...

Fix this by clearing the string buffer before writing to it.

Signed-off-by: Richard Weinberger

--- fs/ext4/file.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/ext4/file.c b/fs/ext4/file.c index 3ed8c048fb12..dba521250d01 100644 --- a/fs/ext4/file.c +++ b/fs/ext4/file.c @@ -809,6 +809,7 @@ static int ext4_sample_last_mounted(struct super_bloc= k *sb, err =3D ext4_journal_get_write_access(handle, sbi->s_sbh); if (err) goto out_journal; + memset(sbi->s_es->s_last_mounted, 0x00, sizeof(sbi->s_es->s_last_mounte= d)); strlcpy(sbi->s_es->s_last_mounted, cp, sizeof(sbi->s_es->s_last_mounted)); ext4_handle_dirty_super(handle, sb); --=20 2.26.2
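
Review bot: the added memset() directly in front of strlcpy() on the same buffer in ext4_sample_last_mounted() could be one call. strncpy(sbi->s_es->s_last_mounted, cp, sizeof(sbi->s_es->s_last_mounted)) zero-fills the rest of the field by itself, but it does not NUL-terminate when cp fills the whole field, so the commit message should say whether the on-disk field needs a terminator before choosing between the two. If the memset() stays, write the fill value as 0 rather than 0x00 and wrap the line the way the strlcpy() call below it is wrapped, since the new line runs past 80 columns.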
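
The residue described in the commit message, reproduced in userspace as an added example (not part of the patch or of ext4). The names `copy_like_strlcpy`, `sample_unpatched`, `sample_patched` and `residue` are hypothetical, and the copy helper is a local stand-in with strlcpy() semantics; `residue` is an audit check that reports what is still readable behind the terminator.

```c
#include <stdio.h>
#include <string.h>

#define LAST_MOUNTED_LEN 64 /* field size given in the commit message */

/* Local stand-in with strlcpy() semantics (size > 0): copy, terminate, no padding. */
static size_t copy_like_strlcpy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src), n = len < size - 1 ? len : size - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return len;
}

/* Pre-patch behaviour: bytes after the new terminator are left untouched. */
void sample_unpatched(char *field, const char *mnt)
{
    copy_like_strlcpy(field, mnt, LAST_MOUNTED_LEN);
}

/* Patched behaviour: clear the whole field, then copy. */
void sample_patched(char *field, const char *mnt)
{
    memset(field, 0, LAST_MOUNTED_LEN);
    copy_like_strlcpy(field, mnt, LAST_MOUNTED_LEN);
}

/* Audit: copy non-zero bytes found after the first NUL into out, return their count. */
size_t residue(const char *field, char *out)
{
    const char *nul = memchr(field, 0, LAST_MOUNTED_LEN);
    size_t end = nul ? (size_t)(nul - field) : LAST_MOUNTED_LEN, n = 0;
    for (size_t i = end; i < LAST_MOUNTED_LEN; i++)
        if (field[i] != '\0')
            out[n++] = field[i];
    out[n] = '\0'; /* n <= 63: the byte at 'end' is always NUL */
    return n;
}

int main(void)
{
    char field[LAST_MOUNTED_LEN] = {0}, out[LAST_MOUNTED_LEN];
    sample_unpatched(field, "/media/johnjdeveloper"); /* paths from the commit message */
    sample_unpatched(field, "/");
    printf("unpatched: %zu stale bytes: %s\n", residue(field, out), out);
    sample_patched(field, "/");
    printf("patched:   %zu stale bytes\n", residue(field, out));
    return 0;
}
```

The same `residue` check can be pointed at a 64-byte `s_last_mounted` field copied out of an existing image to see whether an older mountpoint is still recoverable.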