[PATCH 2.4] Fix d_path() truncating excessive long path name vulnerability

From: Marc-Christian Petersen (m.c.p@wolk-project.de)
Date: Mon Dec 09 2002 - 21:28:21 EST

Next message: Marc-Christian Petersen: "[PATCH 2.4] ATI Rage 128 Pro (aty128fb) acceleration fix"
Previous message: Marc-Christian Petersen: "[PATCH 2.4] IP: disable ECN support by default - Config option"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Marcelo,

there isn't fixed the d_path() long name truncation vulnerability
(see http://cert.uni-stuttgart.de/archive/bugtraq/2002/03/msg00384.html) in
2.4.x up to 2.4.21-BK.

This trivial patch fixes it. Instead of truncating the path with no error,
caller gets ENAMETOOLONG.

Patch credits go to Jirka Kosina.

Has been in WOLK and in -aa kernels for ages.

ciao, Marc

text/x-diff attachment: getcwd-err-1.patch

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Marc-Christian Petersen: "[PATCH 2.4] ATI Rage 128 Pro (aty128fb) acceleration fix"
Previous message: Marc-Christian Petersen: "[PATCH 2.4] IP: disable ECN support by default - Config option"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Sun Dec 15 2002 - 22:00:16 EST