Commit 8d0c2d10 authored by Lars-Peter Clausen's avatar Lars-Peter Clausen Committed by Jan Kara

ext3: Fix format string issues

ext3_msg() takes the printk prefix as the second parameter and the
format string as the third parameter. Two callers of ext3_msg omit the
prefix and pass the format string as the second parameter and the first
parameter to the format string as the third parameter. In both cases
this string comes from an arbitrary source. Which means the string may
contain format string characters, which will
lead to undefined and potentially harmful behavior.

The issue was introduced in commit 4cf46b67("ext3: Unify log messages
in ext3") and is fixed by this patch.

CC: stable@vger.kernel.org
Signed-off-by: default avatarLars-Peter Clausen <lars@metafoo.de>
Signed-off-by: default avatarJan Kara <jack@suse.cz>
parent 68ac8bfb
...@@ -353,7 +353,7 @@ static struct block_device *ext3_blkdev_get(dev_t dev, struct super_block *sb) ...@@ -353,7 +353,7 @@ static struct block_device *ext3_blkdev_get(dev_t dev, struct super_block *sb)
return bdev; return bdev;
fail: fail:
ext3_msg(sb, "error: failed to open journal device %s: %ld", ext3_msg(sb, KERN_ERR, "error: failed to open journal device %s: %ld",
__bdevname(dev, b), PTR_ERR(bdev)); __bdevname(dev, b), PTR_ERR(bdev));
return NULL; return NULL;
...@@ -887,7 +887,7 @@ static ext3_fsblk_t get_sb_block(void **data, struct super_block *sb) ...@@ -887,7 +887,7 @@ static ext3_fsblk_t get_sb_block(void **data, struct super_block *sb)
/*todo: use simple_strtoll with >32bit ext3 */ /*todo: use simple_strtoll with >32bit ext3 */
sb_block = simple_strtoul(options, &options, 0); sb_block = simple_strtoul(options, &options, 0);
if (*options && *options != ',') { if (*options && *options != ',') {
ext3_msg(sb, "error: invalid sb specification: %s", ext3_msg(sb, KERN_ERR, "error: invalid sb specification: %s",
(char *) *data); (char *) *data);
return 1; return 1;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment