diff options
author | Darrick J. Wong <darrick.wong@oracle.com> | 2019-02-13 12:48:14 -0800 |
---|---|---|
committer | Eryu Guan <guaneryu@gmail.com> | 2019-02-16 20:03:53 +0800 |
commit | e6897e32b83e2e54c592bd947805a788a3b1c7c8 (patch) | |
tree | 564f5eb6022582b492b78a64cbbd529787dd26b3 /src/Makefile | |
parent | 26e4a81c78d7599b89493da4d7d65b901e6173c2 (diff) |
generic: posix acl extended attribute memory corruption test
XFS had a use-after-free bug when xfs_xattr_put_listent runs out of
listxattr buffer space while trying to store the name
"system.posix_acl_access" and then corrupts memory by not checking
the seen_enough state and then trying to shove
"trusted.SGI_ACL_FILE" into the buffer as well.
In order to tickle the bug in a user visible way we must have
already put a name in the buffer, so we take advantage of the fact
that "security.evm" sorts before "system.posix_acl_access" to make
sure this happens.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Eryu Guan <guaneryu@gmail.com>
Signed-off-by: Eryu Guan <guaneryu@gmail.com>
Diffstat (limited to 'src/Makefile')
-rw-r--r-- | src/Makefile | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/Makefile b/src/Makefile index 41826585..ae09eb0a 100644 --- a/src/Makefile +++ b/src/Makefile @@ -27,7 +27,7 @@ LINUX_TARGETS = xfsctl bstat t_mtab getdevicesize preallo_rw_pattern_reader \ renameat2 t_getcwd e4compact test-nextquota punch-alternating \ attr-list-by-handle-cursor-test listxattr dio-interleaved t_dir_type \ dio-invalidate-cache stat_test t_encrypted_d_revalidate \ - attr_replace_test swapon mkswap + attr_replace_test swapon mkswap t_attr_corruption SUBDIRS = log-writes perf |