lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:	Thu, 25 Dec 2014 23:31:08 -0500
From:	Theodore Ts'o <tytso@....edu>
To:	Jakub Wilk <jwilk@...ian.org>, 773795@...s.debian.org
Cc:	linux-ext4@...r.kernel.org
Subject: Re: Bug#773795: fsck.ext2: memory corruption

I've checked the following fix into the e2fsprogs git repository.
Thanks again for reporting the bug.

     	     	 	       	    	- Ted

commit 13f450addb3c9624987e62e9978e793d874c060d
Author: Theodore Ts'o <tytso@....edu>
Date:   Thu Dec 25 23:18:32 2014 -0500

    libext2fs: add sanity check for an invalid itable_used value in inode scan code
    
    If the number of unused inodes is greater than number of inodes a
    block group, this can cause an e2fsck -n run of the file system to
    crash.
    
    We should add more checks to e2fsck to detect this case directly, but
    this will at least protect progams (tune2fs, dump, etc.) which use the
    inode_scan abstraction from crashing on an invalid file system.
    
    Addresses-Debian-Bug: #773795
    
    Signed-off-by: Theodore Ts'o <tytso@....edu>

diff --git a/lib/ext2fs/inode.c b/lib/ext2fs/inode.c
index 573a8fa..a2f2ecd 100644
--- a/lib/ext2fs/inode.c
+++ b/lib/ext2fs/inode.c
@@ -150,8 +150,11 @@ errcode_t ext2fs_open_inode_scan(ext2_filsys fs, int buffer_blocks,
 	scan->blocks_left = scan->fs->inode_blocks_per_group;
 	if (EXT2_HAS_RO_COMPAT_FEATURE(fs->super,
 				       EXT4_FEATURE_RO_COMPAT_GDT_CSUM)) {
-		scan->inodes_left -=
-			ext2fs_bg_itable_unused(fs, scan->current_group);
+		__u32 unused = ext2fs_bg_itable_unused(fs, scan->current_group);
+		if (scan->inodes_left > unused)
+			scan->inodes_left -= unused;
+		else
+			scan->inodes_left = 0;
 		scan->blocks_left =
 			(scan->inodes_left +
 			 (fs->blocksize / scan->inode_size - 1)) *
@@ -243,8 +246,11 @@ static errcode_t get_next_blockgroup(ext2_inode_scan scan)
 	scan->blocks_left = fs->inode_blocks_per_group;
 	if (EXT2_HAS_RO_COMPAT_FEATURE(fs->super,
 				       EXT4_FEATURE_RO_COMPAT_GDT_CSUM)) {
-		scan->inodes_left -=
-			ext2fs_bg_itable_unused(fs, scan->current_group);
+		__u32 unused = ext2fs_bg_itable_unused(fs, scan->current_group);
+		if (scan->inodes_left > unused)
+			scan->inodes_left -= unused;
+		else
+			scan->inodes_left = 0;
 		scan->blocks_left =
 			(scan->inodes_left +
 			 (fs->blocksize / scan->inode_size - 1)) *
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ