Date:	Wed, 07 Oct 2009 03:51:18 +0100
From:	Ben Hutchings <ben@...adent.org.uk>
To:	linux-kernel@...r.kernel.org
Cc:	Eric Sesterhenn <snakebyte@....de>,
	Roman Zippel <zippel@...ux-m68k.org>
Subject: hfsplus corrupts filesystems >2TB

A Debian bug report <http://bugs.debian.org/550010> alerted me to the
fact that hfsplus is not using enough bits for some sector calculations.

hfsplus_get_block() does:

	u32 ablock, dblock, mask;
...
	map_bh(bh_result, sb, (dblock << HFSPLUS_SB(sb).fs_shift) + HFSPLUS_SB(sb).blockoffset + (iblock & mask));

which results in overflow when the sector number is >2^32.  Now it might
be sufficient to change the last line to:

	map_bh(bh_result, sb, ((sector_t)dblock << HFSPLUS_SB(sb).fs_shift) + HFSPLUS_SB(sb).blockoffset + (iblock & mask));

but there may be many other places where u32 must be changed to
sector_t.

For Debian's stable release, I'm intending to prevent mounting volumes
larger than 2^32 sectors (2TB).  Is anyone interested in fixing this
properly or should I submit the same change for mainline?

Ben.

-- 
Ben Hutchings
To err is human; to really foul things up requires a computer.
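
The truncation described in the message, reproduced in user space as an added example (not code from the original post or from the kernel tree). `sector_t` is assumed to be 64 bits, the input values are constructed, and `volume_exceeds_u32_sectors` is a hypothetical sketch of the mount-time size check the message mentions.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint64_t sector_t; /* assumption: 64-bit sector_t */

/* The expression as quoted: the shift is evaluated in 32 bits and wraps. */
static sector_t map_truncated(uint32_t dblock, unsigned fs_shift,
                              sector_t blockoffset, sector_t iblock, uint32_t mask)
{
    uint32_t shifted = (uint32_t)(dblock << fs_shift); /* high bits are lost here */
    return shifted + blockoffset + (iblock & mask);
}

/* The change proposed in the message: widen dblock before shifting. */
static sector_t map_widened(uint32_t dblock, unsigned fs_shift,
                            sector_t blockoffset, sector_t iblock, uint32_t mask)
{
    return ((sector_t)dblock << fs_shift) + blockoffset + (iblock & mask);
}

/* Hypothetical mount-time guard: true when the volume spans more than
 * 2^32 sectors, so some sector numbers cannot be held in a u32. */
static int volume_exceeds_u32_sectors(uint32_t total_blocks, unsigned fs_shift,
                                      sector_t blockoffset)
{
    sector_t sectors = ((sector_t)total_blocks << fs_shift) + blockoffset;
    return sectors > ((sector_t)1 << 32);
}

int main(void)
{
    /* Constructed values: fs_shift = 3 (8 sectors per allocation block),
     * mask = 7, and dblock = 2^29 so the target sector is 2^32 + 5. */
    uint32_t dblock = 0x20000000u, mask = 7;
    unsigned fs_shift = 3;

    printf("u32 shift:      sector %llu\n",
           (unsigned long long)map_truncated(dblock, fs_shift, 0, 5, mask));
    printf("sector_t shift: sector %llu\n",
           (unsigned long long)map_widened(dblock, fs_shift, 0, 5, mask));
    printf("guard rejects volume: %d\n",
           volume_exceeds_u32_sectors(dblock + 1, fs_shift, 0));
    return 0;
}
```

With these inputs the 32-bit shift maps the block to sector 5 near the start of the volume instead of sector 2^32 + 5, which is how writes past the 32-bit boundary land on unrelated data.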
