Received: by 2002:ac0:da4c:0:0:0:0:0 with SMTP id a12csp2385519imi; Sun, 24 Jul 2022 18:18:31 -0700 (PDT) X-Google-Smtp-Source: AGRyM1tnQMityLxmPKmIe2SFN4Pgocklr+VYDMrLugumjI405V0zWy3fe+tGafY+2gKAli+6RECp X-Received: by 2002:a17:903:22d2:b0:16c:5575:d510 with SMTP id y18-20020a17090322d200b0016c5575d510mr10048472plg.123.1658711911633; Sun, 24 Jul 2022 18:18:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1658711911; cv=none; d=google.com; s=arc-20160816; b=zXcTJvNPrIPPG4jHWxczmCuxpVZgxxZDFUYxt9JI3Kum+pZSFqWFDUlblJrlDtzpAJ SC1asN9R8YGYs7BBQQYhvkFmIFPmtjDGlh4jQZV41t0mwGrtXAcjJZiA0wJWMRoCeHfL no1WXUbtUtXcbCPOMZmaMovNac4F08/KQeOcYU33Zhk/BHJVKtJ63zTlRmARFxmFCFAZ /gci5GtkNWRvkirhxRTn0cSlEIC/eMuBbdl+wMuJ6IUd6oz8NSoC284MJsYqpq0Czhz4 TzumTHIfzD/foSPt4grKxxWc3KCTU9+X6Qg7Z6SUQkrQUkhvBIahxMiq+HgEQJdqskb8 ndHw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:message-id:date:cc:to:from:subject; bh=DcUOQHELMf87QkESERIXeeHLvLLfJsQiiH7de2ROcSM=; b=u8BwDq7oJHzYE9nOru7AA0hSf4N9K55PzNWB+aYHeq69gPUWUWAUPgHLRyGfr5fNee b7yjTJL8DmljfNE6rb4oAMtFV3oNyOeuqP84ERpHIefKNnFzr7dbbyN/yXkD0mEZobdD spZCR3cCHSwpLhwslbH+wuSC/tuzDxl1b2Pra5y1pVidjpOei7VQ0IVTyPOBVzSnszng r2B7pFnl1Y5zvIuC93u4cqXh3Au7mzRonvJPuluQoStlsFhBnDErU4jrZyrK/Jli/bll Fx6UVdEnlqDFYbIfzVH+xFG2sIRo4OADYBJ6XsRWyd1Ecjt285L7IdtmiEua+aECFOFK C0Og== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id fr3-20020a17090ae2c300b001efe9ca714csi14695918pjb.150.2022.07.24.18.18.16; Sun, 24 Jul 2022 18:18:31 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231162AbiGYBR1 (ORCPT + 99 others); Sun, 24 Jul 2022 21:17:27 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39734 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229687AbiGYBRY (ORCPT ); Sun, 24 Jul 2022 21:17:24 -0400 Received: from smtp01.aussiebb.com.au (smtp01.aussiebb.com.au [121.200.0.92]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 62F92BCA7; Sun, 24 Jul 2022 18:17:23 -0700 (PDT) Received: from localhost (localhost.localdomain [127.0.0.1]) by smtp01.aussiebb.com.au (Postfix) with ESMTP id 6017E1003A8; Mon, 25 Jul 2022 11:17:19 +1000 (AEST) X-Virus-Scanned: Debian amavisd-new at smtp01.aussiebb.com.au Received: from smtp01.aussiebb.com.au ([127.0.0.1]) by localhost (smtp01.aussiebb.com.au [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id asN7OfZIUr8M; Mon, 25 Jul 2022 11:17:19 +1000 (AEST) Received: by smtp01.aussiebb.com.au (Postfix, from userid 116) id 54D64100391; Mon, 25 Jul 2022 11:17:19 +1000 (AEST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE, SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 Received: from donald.themaw.net (180-150-90-198.b4965a.per.nbn.aussiebb.net [180.150.90.198]) by smtp01.aussiebb.com.au (Postfix) with ESMTP id 36F09100387; Mon, 25 Jul 2022 11:17:17 +1000 (AEST) Subject: [PATCH v3 0/2] vfs: fix a mount table handling problem From: Ian Kent To: Al Viro Cc: Andrew Morton , Siddhesh Poyarekar , David Howells , Miklos Szeredi , Carlos Maiolino , linux-fsdevel , Kernel Mailing List Date: Mon, 25 Jul 2022 09:17:16 +0800 Message-ID: <165871154975.22404.9637671230578653457.stgit@donald.themaw.net> User-Agent: StGit/1.1 MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Whenever a mount has an empty "source" (aka mnt_fsname), the glibc function getmntent incorrectly parses its input, resulting in reporting incorrect data to the caller. The problem is that the get_mnt_entry() function in glibc's misc/mntent_r.c assumes that leading whitespace on a line can always be discarded because it will always be followed by a # for the case of a comment or a non-whitespace character that's part of the value of the first field. However, this assumption is violated when the value of the first field is an empty string. This is fixed in the mount API code by simply checking for a pointer that contains a NULL and treating it as a NULL pointer. Changes: v3: added patch to fix zero length string access violation caused after fs parser patch is applied. v2: fix possible oops if conversion functions such as fs_param_is_u32() are called. Signed-off-by: Ian Kent --- Ian Kent (2): ext4: fix possible null pointer dereference vfs: parse: deal with zero length string value fs/ext4/super.c | 4 ++-- fs/fs_context.c | 17 ++++++++++++----- fs/fs_parser.c | 16 ++++++++++++++++ include/linux/fs_context.h | 3 ++- 4 files changed, 32 insertions(+), 8 deletions(-) -- Ian