From: Stefan Behrens Date: Mon, 5 Nov 2012 13:10:49 +0000 (+0000) Subject: Btrfs: Don't trust the superblock label and simply printk("%s") it X-Git-Tag: firefly_0821_release~3680^2~1158^2~92 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=d03f918ab9036cc71740c0aa796c8e02e6f6f6d3;p=firefly-linux-kernel-4.4.55.git Btrfs: Don't trust the superblock label and simply printk("%s") it Someone who is root or capable(CAP_SYS_ADMIN) could corrupt the superblock and make Btrfs printk("%s") crash while holding the uuid_mutex since nobody forces a limit on the string. Since the uuid_mutex is significant, the system would be unusable afterwards. Signed-off-by: Stefan Behrens Reviewed-by: David Sterba Signed-off-by: Chris Mason --- diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c index 3f4bfee66d7b..db79fb7e7e91 100644 --- a/fs/btrfs/volumes.c +++ b/fs/btrfs/volumes.c @@ -764,10 +764,13 @@ int btrfs_scan_one_device(const char *path, fmode_t flags, void *holder, devid = btrfs_stack_device_id(&disk_super->dev_item); transid = btrfs_super_generation(disk_super); total_devices = btrfs_super_num_devices(disk_super); - if (disk_super->label[0]) + if (disk_super->label[0]) { + if (disk_super->label[BTRFS_LABEL_SIZE - 1]) + disk_super->label[BTRFS_LABEL_SIZE - 1] = '\0'; printk(KERN_INFO "device label %s ", disk_super->label); - else + } else { printk(KERN_INFO "device fsid %pU ", disk_super->fsid); + } printk(KERN_CONT "devid %llu transid %llu %s\n", (unsigned long long)devid, (unsigned long long)transid, path); ret = device_list_add(path, disk_super, devid, fs_devices_ret);