Re: [BUG] hfs_find_init() sb->ext_tree NULL pointer dereference

From: Christoph Hellwig
Date: Fri Jun 10 2011 - 17:40:46 EST

Next message: H Hartley Sweeten: "[PATCH] kernel/time/jiffies.c: local symbols should be static"
Previous message: Emese Revfy: "Re: [Cocci] Re: status of constification"
In reply to: Clement LECIGNE: "[BUG] hfs_find_init() sb->ext_tree NULL pointer dereference"
Next in thread: Clement LECIGNE: "Re: [BUG] hfs_find_init() sb->ext_tree NULL pointer dereference"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Jun 08, 2011 at 01:07:55PM +0200, Clement LECIGNE wrote:
> Hi,
>
> hfs_find_init() is wrongly assuming that sb->ext_tree has already been opened
> and is not NULL but this function can be called when sb->ext_tree is currently
> being opened (NULL deref).

Well, it can't happen in practice. The extent file always fits into
the first blocks for a valid extents file. And yes, you could
artifically construct a filesystem where this is not true, and if you
want to be cool call it a security issue. But in the end anyone who
mounts untrusted disk images has much worse issues than this, so don't
do it.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: H Hartley Sweeten: "[PATCH] kernel/time/jiffies.c: local symbols should be static"
Previous message: Emese Revfy: "Re: [Cocci] Re: status of constification"
In reply to: Clement LECIGNE: "[BUG] hfs_find_init() sb->ext_tree NULL pointer dereference"
Next in thread: Clement LECIGNE: "Re: [BUG] hfs_find_init() sb->ext_tree NULL pointer dereference"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]