Date:	Tue, 05 Feb 2008 01:01:32 -0700
From:	Andreas Dilger <adilger@....com>
To:	"Theodore Ts'o" <tytso@....edu>, linux-ext4@...r.kernel.org
Subject: [PATCH] extra checking for in-inode EAs

When investigating the EA problem reported on this list, I noticed that some
of the checks for the in-inode EAs were removed (possibly when the unordered
EAs-in-inode patch was removed).  The following patch returns the checks for
the e_value_offs.  This passes "make check" with the Lustre EA test cases.

A more complete check (not implemented here) would be to ensure that
the EAs don't overlap as is done with the external EAs.  Some extra
whitespace is removed in the first hunk.

Signed-off-by: Andreas Dilger <adilger@....com>

--- e2fsck/pass1.c.orig	2008-02-04 10:41:50.000000000 -0700
+++ e2fsck/pass1.c	2008-02-04 17:36:34.000000000 -0700
@@ -268,14 +268,14 @@
 	/* scan all entry's headers first */
 
 	/* take finish entry 0UL into account */
-	remain = storage_size - sizeof(__u32); 
+	remain = storage_size - sizeof(__u32);
 
 	while (!EXT2_EXT_IS_LAST_ENTRY(entry)) {
 		__u32 hash;
 
 		/* header eats this space */
 		remain -= sizeof(struct ext2_ext_attr_entry);
-		
+
 		/* is attribute name valid? */
 		if (EXT2_EXT_ATTR_SIZE(entry->e_name_len) > remain) {
 			pctx->num = entry->e_name_len;
@@ -293,6 +293,21 @@
 			goto fix;
 		}
 
+		/* check value placement */
+		if (start + entry->e_value_offs > end) {
+			pctx->num = entry->e_value_offset;
+			problem = PR_1_ATTR_VALUE_OFFSET;
+			goto fix;
+		}
+
+		/* check value offset + size */
+		if (start + entry->e_value_offs +
+		    EXT2_XATTR_SIZE(entry->e_value_size) > end) {
+			pctx->num = entry->e_value_size;
+			problem = PR_1_ATTR_VALUE_SIZE;
+			goto fix;
+		}
+
 		/* e_value_block must be 0 in inode's ea */
 		if (entry->e_value_block != 0) {
 			pctx->num = entry->e_value_block;
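Review bot: In the first added check, the assignment pctx->num = entry->e_value_offset uses a field name that differs from the e_value_offs read in the condition one line above and again in the second check; only one spelling can match the struct, so the other will not compile and the two should be made consistent. The first test is also implied by the second, since the second adds a non-negative padded size to the same sum, so it only decides whether PR_1_ATTR_VALUE_OFFSET or PR_1_ATTR_VALUE_SIZE is reported; a short comment saying so would help. If start and end are pointers, comparing e_value_offs against end - start would avoid depending on start + offset not wrapping when the on-disk offset is corrupt. The new lines use EXT2_XATTR_SIZE while the existing name-length check uses EXT2_EXT_ATTR_SIZE; please confirm which macro is intended.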
@@ -310,7 +325,7 @@
 			goto fix;
 		}
 
-		remain -= entry->e_value_size;
+		remain -= EXT2_XATTR_SIZE(entry->e_value_size);
 
 		entry = EXT2_EXT_ATTR_NEXT(entry);
 	}
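Review bot: remain is now reduced by the padded EXT2_XATTR_SIZE(entry->e_value_size), but the check that guards this subtraction is not visible in the hunk. If that guard still compares the unpadded e_value_size against remain, a value that fits only before rounding would pass it and the subtraction would then take remain below zero (or wrap it, if remain is unsigned). Suggest making the guard and the subtraction use the same padded quantity.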

Cheers, Andreas
--
Andreas Dilger
Sr. Staff Engineer, Lustre Group
Sun Microsystems of Canada, Inc.
