File 0016-metadump-Zero-unused-tail-of-symlink-blocks.patch of Package xfsprogs.5309

From 23b2ae23d97bfe5fa5e405c91e0340828288e2cd Mon Sep 17 00:00:00 2001
From: Eric Sandeen <sandeen@sandeen.net>
Date: Thu, 30 Jul 2015 09:21:08 +1000
Subject: [PATCH 16/20] metadump: Zero unused tail of symlink blocks
References: bsc#939367 CVE-2012-2150

Symlink blocks may contain stale data past the end
of their content; zero it out.

Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
Reviewed-by: Brian Foster <bfoster@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
Acked-by: Jan Kara <jack@suse.com>

---
 db/metadump.c | 28 +++++++++++++++++++---------
 1 file changed, 19 insertions(+), 9 deletions(-)

diff --git a/db/metadump.c b/db/metadump.c
index 462623652b6f..c40c896e05f6 100644
--- a/db/metadump.c
+++ b/db/metadump.c
@@ -1282,15 +1282,27 @@ process_dir_data_block(
 }
 
 static void
-obfuscate_symlink_block(
+process_symlink_block(
 	char			*block)
 {
+	char *link = block;
+
 	if (xfs_sb_version_hascrc(&(mp)->m_sb))
-		block += sizeof(struct xfs_dsymlink_hdr);
+		link += sizeof(struct xfs_dsymlink_hdr);
+
+	if (obfuscate)
+		obfuscate_path_components(link, XFS_SYMLINK_BUF_SPACE(mp,
+							mp->m_sb.sb_blocksize));
+	if (zero_stale_data) {
+		size_t	linklen, zlen;
 
-	obfuscate_path_components(block,
-				  XFS_SYMLINK_BUF_SPACE(mp,
-					mp->m_sb.sb_blocksize));
+		linklen = strlen(link);
+		zlen = mp->m_sb.sb_blocksize - linklen;
+		if (xfs_sb_version_hascrc(&mp->m_sb))
+			zlen -= sizeof(struct xfs_dsymlink_hdr);
+		if (zlen < mp->m_sb.sb_blocksize)
+			memset(link + linklen, 0, zlen);
+	}
 }
 
 #define MAX_REMOTE_VALS		4095
@@ -1444,10 +1456,8 @@ process_single_fsb_objects(
 			iocur_top->need_crc = 1;
 			break;
 		case TYP_SYMLINK:
-			if (obfuscate) {
-				obfuscate_symlink_block(dp);
-				iocur_top->need_crc = 1;
-			}
+			process_symlink_block(dp);
+			iocur_top->need_crc = 1;
 			break;
 		case TYP_ATTR:
 			if (obfuscate) {
-- 
2.1.4