This is the mail archive of the cluster-cvs@sourceware.org mailing list for the cluster.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

STABLE2 - gfs2: randomize file for savemeta operations

From: "Fabio M. Di Nitto" <fabbione at fedoraproject dot org>
To: cluster-cvs-relay at redhat dot com
Date: Thu, 30 Oct 2008 08:57:26 +0000 (UTC)
Subject: STABLE2 - gfs2: randomize file for savemeta operations

Gitweb:        http://git.fedorahosted.org/git/cluster.git?p=cluster.git;a=commitdiff;h=df5592b2b25b586b06465ef8b756e561fd47b46e
Commit:        df5592b2b25b586b06465ef8b756e561fd47b46e
Parent:        cc25cc497eea07c519139ebbd476050ad223e851
Author:        Fabio M. Di Nitto <fdinitto@redhat.com>
AuthorDate:    Wed Oct 22 08:45:11 2008 +0200
Committer:     Fabio M. Di Nitto <fdinitto@redhat.com>
CommitterDate: Thu Oct 30 09:56:53 2008 +0100

gfs2: randomize file for savemeta operations

by using a static path to /tmp, the operation can be used to trigger
a local DoS by a normal user.

Mitigate the issue by randomizing the output file when none is
specified.

Signed-off-by: Fabio M. Di Nitto <fdinitto@redhat.com>
---
 gfs2/edit/hexedit.c  |    2 +-
 gfs2/edit/savemeta.c |   11 ++++++++---
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/gfs2/edit/hexedit.c b/gfs2/edit/hexedit.c
index 534d8cb..6ee9bab 100644
--- a/gfs2/edit/hexedit.c
+++ b/gfs2/edit/hexedit.c
@@ -33,7 +33,7 @@ int display(int identify_only);
 extern void eol(int col);
 extern void do_leaf_extended(char *buf, struct iinfo *indir);
 extern int do_indirect_extended(char *buf, struct iinfo *ii);
-extern void savemeta(const char *out_fn, int slow);
+extern void savemeta(char *out_fn, int slow);
 extern void restoremeta(const char *in_fn, const char *out_device,
 			int printblocksonly);
 
diff --git a/gfs2/edit/savemeta.c b/gfs2/edit/savemeta.c
index 693ac0f..4ee1e5d 100644
--- a/gfs2/edit/savemeta.c
+++ b/gfs2/edit/savemeta.c
@@ -714,7 +714,7 @@ void get_journal_inode_blocks(void)
 	}
 }
 
-void savemeta(const char *out_fn, int saveoption)
+void savemeta(char *out_fn, int saveoption)
 {
 	int out_fd;
 	int slow;
@@ -727,8 +727,13 @@ void savemeta(const char *out_fn, int saveoption)
 	slow = (saveoption == 1);
 	sbd.md.journals = 1;
 
-	if (!out_fn)
-		out_fn = DFT_SAVE_FILE;
+	if (!out_fn) {
+		out_fn = malloc(PATH_MAX);
+		if (!out_fn)
+			die("Can't allocate memory for the operation.\n");
+		memset(out_fn, 0, PATH_MAX);
+		sprintf(out_fn, DFT_SAVE_FILE ".%d", getpid());
+	}
 	out_fd = open(out_fn, O_RDWR | O_CREAT, 0644);
 	if (out_fd < 0)
 		die("Can't open %s: %s\n", out_fn, strerror(errno));

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]