diff options
| author | Christopher Haster <chaster@utexas.edu> | 2018-08-22 02:15:40 +0300 |
|---|---|---|
| committer | Christopher Haster <chaster@utexas.edu> | 2018-09-04 21:57:22 +0300 |
| commit | 3419284689ead61c6905d61359a2b62a8c09c75d (patch) | |
| tree | 767f245462a6a59f61febb70c56853c9192b690e /lfs.c | |
| parent | 510cd13df99843174899aa3ddabcbc889c7872e8 (diff) | |
Fixed issue with corruption due to different cache sizes
The lfs_cache_zero function that was recently added assumed a single cache
size, which is incorrect. This would cause a buffer overflow if
read_size != prog_size.
Since lfs_cache_zero is only used for scrubbing prog caches, the fix
here is to use lfs_cache_drop instead on read caches. Info in read
caches should never make its way to disk.
Found by nstcl
Diffstat (limited to 'lfs.c')
| -rw-r--r-- | lfs.c | 7 |
1 files changed, 5 insertions, 2 deletions
@@ -1373,7 +1373,10 @@ int lfs_file_opencfg(lfs_t *lfs, lfs_file_t *file, } // zero to avoid information leak - lfs_cache_zero(lfs, &file->cache); + lfs_cache_drop(lfs, &file->cache); + if ((file->flags & 3) != LFS_O_RDONLY) { + lfs_cache_zero(lfs, &file->cache); + } // add to list of files file->next = lfs->files; @@ -2055,8 +2058,8 @@ static int lfs_init(lfs_t *lfs, const struct lfs_config *cfg) { } // zero to avoid information leaks - lfs_cache_zero(lfs, &lfs->rcache); lfs_cache_zero(lfs, &lfs->pcache); + lfs_cache_drop(lfs, &lfs->rcache); // setup lookahead, round down to nearest 32-bits LFS_ASSERT(lfs->cfg->lookahead % 32 == 0); |