lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Date:	Tue, 05 Feb 2008 01:01:32 -0700
From:	Andreas Dilger <adilger@....com>
To:	"Theodore Ts'o" <tytso@....edu>, linux-ext4@...r.kernel.org
Subject: [PATCH] extra checking for in-inode EAs

When investigating the EA problem reported on this list, I noticed that some
of the checks for the in-inode EAs were removed (possibly when the unordered
EAs-in-inode patch was removed).  The following patch returns the checks for
the e_value_offs.  This passes "make check" with the Lustre EA test cases.

A more complete check (not implemented here) would be to ensure that
the EAs don't overlap as is done with the external EAs.  Some extra
whitespace is removed in the first hunk.

Signed-off-by: Andreas Dilger <adilger@....com>

--- e2fsck/pass1.c.orig	2008-02-04 10:41:50.000000000 -0700
+++ e2fsck/pass1.c	2008-02-04 17:36:34.000000000 -0700
@@ -268,14 +268,14 @@
 	/* scan all entry's headers first */
 
 	/* take finish entry 0UL into account */
-	remain = storage_size - sizeof(__u32); 
+	remain = storage_size - sizeof(__u32);
 
 	while (!EXT2_EXT_IS_LAST_ENTRY(entry)) {
 		__u32 hash;
 
 		/* header eats this space */
 		remain -= sizeof(struct ext2_ext_attr_entry);
-		
+
 		/* is attribute name valid? */
 		if (EXT2_EXT_ATTR_SIZE(entry->e_name_len) > remain) {
 			pctx->num = entry->e_name_len;
@@ -293,6 +293,21 @@
 			goto fix;
 		}
 
+		/* check value placement */
+		if (start + entry->e_value_offs > end) {
+			pctx->num = entry->e_value_offset;
+			problem = PR_1_ATTR_VALUE_OFFSET;
+			goto fix;
+		}
+
+		/* check value offset + size */
+		if (start + entry->e_value_offs +
+		    EXT2_XATTR_SIZE(entry->e_value_size) > end) {
+			pctx->num = entry->e_value_size;
+			problem = PR_1_ATTR_VALUE_SIZE;
+			goto fix;
+		}
+
 		/* e_value_block must be 0 in inode's ea */
 		if (entry->e_value_block != 0) {
 			pctx->num = entry->e_value_block;
@@ -310,7 +325,7 @@
 			goto fix;
 		}
 
-		remain -= entry->e_value_size;
+		remain -= EXT2_XATTR_SIZE(entry->e_value_size);
 
 		entry = EXT2_EXT_ATTR_NEXT(entry);
 	}

Cheers, Andreas
--
Andreas Dilger
Sr. Staff Engineer, Lustre Group
Sun Microsystems of Canada, Inc.

-
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ