[PATCH] Suspected information leak (mem pages) in ext2

I think I have discovered a potential security problem in ext2: when a
new directory is created, the ext2 block written to disk is not
initialized.

Included is a proposed patch for Linux 2.6 (ext2_make_empty() function):

CAN-2005-0400 is assigned to this issue.

Signed-off-by: Chris Wright <chrisw@osdl.org>

diff --git a/fs/ext2/dir.c b/fs/ext2/dir.c
index e009152297a64cd563d990a6486a614dea9eda9d..5b5f52876b427fc848bb934dbf7e4a7cd8160d7d 100644 (file)
--- a/fs/ext2/dir.c
+++ b/fs/ext2/dir.c
@@ -592,6 +592,7 @@ int ext2_make_empty(struct inode *inode, struct inode *parent)
                goto fail;
        }
        kaddr = kmap_atomic(page, KM_USER0);
+       memset(kaddr, 0, chunk_size);
        de = (struct ext2_dir_entry_2 *)kaddr;
        de->name_len = 1;
        de->rec_len = cpu_to_le16(EXT2_DIR_REC_LEN(1));