diff options
| author | Jeff Layton <jlayton@samba.org> | 2011-07-12 08:19:33 -0400 |
|---|---|---|
| committer | Jeff Layton <jlayton@samba.org> | 2011-07-12 08:19:33 -0400 |
| commit | f6eae44a3d05b6515a59651e6bed8b6dde689aec (patch) | |
| tree | 00517eac476b521a2c446cab42e2cc41f0d62aaa /asn1.c | |
| parent | 775610358cb4cff8a6f322d0e8d5fade078f6f54 (diff) | |
| download | cifs-utils-f6eae44a3d05b6515a59651e6bed8b6dde689aec.tar.gz cifs-utils-f6eae44a3d05b6515a59651e6bed8b6dde689aec.tar.bz2 cifs-utils-f6eae44a3d05b6515a59651e6bed8b6dde689aec.zip | |
mtab: handle ENOSPC/EFBIG condition properly when altering mtab
It's possible that when mount.cifs goes to append the mtab that there
won't be enough space to do so, and the mntent won't be appended to the
file in its entirety.
Add a my_endmntent routine that will fflush and then fsync the FILE if
that succeeds. If either fails then it will truncate the file back to
its provided size. It will then call endmntent unconditionally.
Have add_mtab call fstat on the opened mtab file in order to get the
size of the file before it has been appended. Assuming that that
succeeds, use my_endmntent to ensure that the file is not corrupted
before closing it. It's possible that we'll have a small race window
where the mtab is incorrect, but it should be quickly corrected.
This was reported some time ago as CVE-2011-1678:
http://openwall.com/lists/oss-security/2011/03/04/9
...and it seems to fix the reproducer that I was able to come up with.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Reviewed-by: Suresh Jayaraman <sjayaraman@suse.de>
Diffstat (limited to 'asn1.c')
0 files changed, 0 insertions, 0 deletions