[PATCH v15 1/4] Add flags option to get xattr method paired to __vfs_getxattr
Mark Salyzyn
salyzyn at android.com
Wed Nov 6 02:37:04 AEDT 2019
On 11/5/19 1:48 AM, Jan Kara wrote:
>> @@ -228,11 +228,11 @@ static int afs_xattr_get_yfs(const struct xattr_handler *handler,
>> break;
>> case 1:
>> data = buf;
>> - dsize = snprintf(buf, sizeof(buf), "%u", yacl->inherit_flag);
>> + dsize = scnprintf(buf, sizeof(buf), "%u", yacl->inherit_flag);
>> break;
>> case 2:
>> data = buf;
>> - dsize = snprintf(buf, sizeof(buf), "%u", yacl->num_cleaned);
>> + dsize = scnprintf(buf, sizeof(buf), "%u", yacl->num_cleaned);
>> break;
>> case 3:
> These scnprintf() changes (and there are more in the patch) probably
> shouldn't be here... Otherwise the patch still looks good to me :).
>
> Honza
>
Good catch, they were done in locality, I forgot about them, this patch
series has been living for almost a year now and time has become its
enemy ... will spin this as a separate patch. They strike as a security
issue with the possibility of fragile UAF when the code is maintained by
future selves.
-- Mark
More information about the Linux-erofs
mailing list