aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMiklos Szeredi <miklos@szeredi.hu>2005-06-02 09:05:00 +0000
committerMiklos Szeredi <miklos@szeredi.hu>2005-06-02 09:05:00 +0000
commit46960cebc16c926ab025bbbc62a682dd826ad404 (patch)
tree18bf08bae42ebbcd9d651457e53b0b5cf316028f
parent33be22dbfbf4a6b0ddfb9aad80c0bbb43b17fc37 (diff)
downloadlibfuse-46960cebc16c926ab025bbbc62a682dd826ad404.tar.gz
security fix
Diffstat
-rw-r--r--ChangeLog8
-rw-r--r--Filesystems2
-rw-r--r--kernel/dev.c2
3 files changed, 10 insertions, 2 deletions
diff --git a/ChangeLog b/ChangeLog
index fe88ba4..698b3c5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2005-06-02 Miklos Szeredi <miklos@szeredi.hu>
+
+ * Fix serious information leak: if the filesystem returns a short
+ byte count to a read request, and there are non-zero number of
+ pages which are not filled at all, these pages will not be zeroed.
+ Hence the user can read out previous memory contents. Found by
+ Sven Tantau.
+
2005-05-27 Miklos Szeredi <miklos@szeredi.hu>
* Add "readdir_ino" mount option, which tries to fill in the d_ino
diff --git a/Filesystems b/Filesystems
index 38e30d7..4c8fb75 100644
--- a/Filesystems
+++ b/Filesystems
@@ -283,7 +283,7 @@ Name: SSHFS-FUSE
Author: Miklos Szeredi / miklos at szeredi hu
-Homepage: http://sourceforge.net/project/showfiles.php?group_id=121684&package_id=140425
+Homepage: http://fuse.sourceforge.net/sshfs.html
Description:
diff --git a/kernel/dev.c b/kernel/dev.c
index 0bad236..81cc2be 100644
--- a/kernel/dev.c
+++ b/kernel/dev.c
@@ -563,7 +563,7 @@ static int fuse_copy_pages(struct fuse_copy_state *cs, unsigned nbytes,
unsigned offset = req->page_offset;
unsigned count = min(nbytes, (unsigned) PAGE_SIZE - offset);
- for (i = 0; i < req->num_pages && nbytes; i++) {
+ for (i = 0; i < req->num_pages && (nbytes || zeroing); i++) {
struct page *page = req->pages[i];
int err = fuse_copy_page(cs, page, offset, count, zeroing);
if (err)
generated by cgit v1.2.3 (git 2.39.1) at 2025-10-08 00:22:53 +0000