Re: d_path() truncating excessive long path name vulnerability

S/ash (sl4sh@ifrance.com)
Thu, 28 Mar 2002 00:12:47 +0000


This is a copy of a mail I've sent to bugtraq. I'm not currently a subscriber of the linux mailing list, but I thought it could interest you.

Welcome, I've made a quick patch for 2.2.20 international kernels. I think it should also work for standard 2.2.20 kernels.
It's just a quick one, so I've not made a lot of tests, but it works.

You need to apply it to path-to-linux-source/fs/dcache.c

Tell me if it doesn't work...
S/ash

*** dcache.c.old Wed Mar 27 14:05:23 2002
--- dcache.c Wed Mar 27 14:34:13 2002
***************
*** 795,801 ****
--- 795,804 ----
namelen = dentry->d_name.len;
buflen -= namelen + 1;
if (buflen < 0)
+ {
+ retval = buffer - 1;
break;
+ }
end -= namelen;
memcpy(end, dentry->d_name.name, namelen);
*--end = '/';
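
Review bot: The overflow branch sets `retval = buffer - 1`, a pointer one byte before the start of the caller's buffer, and nothing in the hunk documents it as a sentinel. A caller that treats the return value as a string, as it would for a normal path, reads memory outside the buffer. Nothing visible here updates the callers to test for this value either. I would return a distinct error instead, for example an error-encoded pointer such as `ERR_PTR(-ENAMETOOLONG)`, and add a comment at this branch stating that a too-long path is now reported rather than truncated, so every caller has an explicit condition to check. As a style point, the new opening brace would normally sit on the `if (buflen < 0)` line, as in the rest of the kernel source.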
