aboutsummaryrefslogtreecommitdiffstats
path: root/fs/block_dev.c
diff options
context:
space:
mode:
authorDan Rosenberg <dan.j.rosenberg@gmail.com>2010-07-19 16:58:20 -0400
committerChris Mason <chris.mason@oracle.com>2010-07-19 16:58:20 -0400
commit2ebc3464781ad24474abcbd2274e6254689853b5 (patch)
tree3d58dfcc14948672c0aac1636cdd57cbe46a135d /fs/block_dev.c
parentb5384d48f4e74edec3ca1887cb65e378a72af9a1 (diff)
downloadkernel_goldelico_gta04-2ebc3464781ad24474abcbd2274e6254689853b5.zip
kernel_goldelico_gta04-2ebc3464781ad24474abcbd2274e6254689853b5.tar.gz
kernel_goldelico_gta04-2ebc3464781ad24474abcbd2274e6254689853b5.tar.bz2
Btrfs: fix checks in BTRFS_IOC_CLONE_RANGE
1. The BTRFS_IOC_CLONE and BTRFS_IOC_CLONE_RANGE ioctls should check whether the donor file is append-only before writing to it. 2. The BTRFS_IOC_CLONE_RANGE ioctl appears to have an integer overflow that allows a user to specify an out-of-bounds range to copy from the source file (if off + len wraps around). I haven't been able to successfully exploit this, but I'd imagine that a clever attacker could use this to read things he shouldn't. Even if it's not exploitable, it couldn't hurt to be safe. Signed-off-by: Dan Rosenberg <dan.j.rosenberg@gmail.com> cc: stable@kernel.org Signed-off-by: Chris Mason <chris.mason@oracle.com>
Diffstat (limited to 'fs/block_dev.c')
0 files changed, 0 insertions, 0 deletions