| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 12 Sep 2006 17:55:23 +0200
From: Samuel Tardieu <sam@...1149.net>
To: linux-kernel@...r.kernel.org
Subject: Re: Two vulnerabilities are founded,please confirm.
>>>>> "ADLab" == ADLab <adlab@...ustech.com.cn> writes:
ADLab> Advisory: [AD_LAB-06011] Linux kernel Filesystem Mount Dead
ADLab> Loop Class: Design Error
Would a simple fix like this one (untested) work?
Check that the requested block fits in the device.
Fix for advisory AD_LAB-06011 Linux kernel Filesystem Mount Dead Loop.
Signed-off-by: Samuel Tardieu <sam@...1149.net>
diff -r db51efd75e66 fs/buffer.c
--- a/fs/buffer.c Sun Sep 10 01:02:33 2006 +0200
+++ b/fs/buffer.c Tue Sep 12 17:54:13 2006 +0200
@@ -1456,7 +1456,17 @@ struct buffer_head *
struct buffer_head *
__getblk(struct block_device *bdev, sector_t block, int size)
{
- struct buffer_head *bh = __find_get_block(bdev, block, size);
+ struct buffer_head *bh;
+ char b[BDEVNAME_SIZE];
+
+ if (block >= bdev->bd_disk->capacity) {
+ printk(KERN_ERR "Invalid block number %Ld requested on device %s",
+ (unsigned long long)block,
+ bdevname(bdev, b));
+ return NULL;
+ }
+
+ bh = __find_get_block(bdev, block, size);
might_sleep();
if (bh == NULL)
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists