diff options
| -rw-r--r-- | ChangeLog | 8 | ||||
| -rw-r--r-- | Filesystems | 2 | ||||
| -rw-r--r-- | kernel/dev.c | 2 |
3 files changed, 10 insertions, 2 deletions
@@ -1,3 +1,11 @@ +2005-06-02 Miklos Szeredi <miklos@szeredi.hu> + + * Fix serious information leak: if the filesystem returns a short + byte count to a read request, and there are non-zero number of + pages which are not filled at all, these pages will not be zeroed. + Hence the user can read out previous memory contents. Found by + Sven Tantau. + 2005-05-27 Miklos Szeredi <miklos@szeredi.hu> * Add "readdir_ino" mount option, which tries to fill in the d_ino diff --git a/Filesystems b/Filesystems index 38e30d7..4c8fb75 100644 --- a/Filesystems +++ b/Filesystems @@ -283,7 +283,7 @@ Name: SSHFS-FUSE Author: Miklos Szeredi / miklos at szeredi hu -Homepage: http://sourceforge.net/project/showfiles.php?group_id=121684&package_id=140425 +Homepage: http://fuse.sourceforge.net/sshfs.html Description: diff --git a/kernel/dev.c b/kernel/dev.c index 0bad236..81cc2be 100644 --- a/kernel/dev.c +++ b/kernel/dev.c @@ -563,7 +563,7 @@ static int fuse_copy_pages(struct fuse_copy_state *cs, unsigned nbytes, unsigned offset = req->page_offset; unsigned count = min(nbytes, (unsigned) PAGE_SIZE - offset); - for (i = 0; i < req->num_pages && nbytes; i++) { + for (i = 0; i < req->num_pages && (nbytes || zeroing); i++) { struct page *page = req->pages[i]; int err = fuse_copy_page(cs, page, offset, count, zeroing); if (err) |