diff options
author | Axel Burri <axel@tty0.ch> | 2018-02-17 16:05:34 +0100 |
---|---|---|
committer | David Sterba <dsterba@suse.com> | 2018-02-19 19:07:02 +0100 |
commit | c5dc299aff6b4ee3e3490a046fcf9bf8d1c41af5 (patch) | |
tree | 1a012fe003ac1f25efd792aea6e50048318b2a11 | |
parent | d62bd380797d3a990b2229ea6c16956972f7dfe0 (diff) |
btrfs-progs: prevent incorrect use of subvol_strip_mountpoint
Add additional bound checks to prevent memory corruption on incorrect
usage of subvol_strip_mountpoint. Assert sane return value by properly
comparing the mount point to the full_path before stripping it off.
Mitigates issue: "btrfs send -p" fails if source and parent subvolumes
are on different mountpoints (memory corruption):
https://github.com/kdave/btrfs-progs/issues/96
Note that this does not properly fix this bug, but prevents a possible
security issue by unexpected usage of "btrfs send -p".
Issue: #96
Pull-request: #98
Signed-off-by: Axel Burri <axel@tty0.ch>
Signed-off-by: David Sterba <dsterba@suse.com>
-rw-r--r-- | utils.c | 5 |
1 files changed, 5 insertions, 0 deletions
@@ -2484,6 +2484,11 @@ const char *subvol_strip_mountpoint(const char *mnt, const char *full_path) if (!len) return full_path; + if ((strncmp(mnt, full_path, len) != 0) || (full_path[len] != '/')) { + error("not on mount point: %s", mnt); + exit(1); + } + if (mnt[len - 1] != '/') len += 1; |