| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1183973522.3889.10.camel@garfield.linsyssoft.com>
Date: Mon, 09 Jul 2007 15:02:02 +0530
From: Kalpak Shah <kalpak@...sterfs.com>
To: TheodoreTso <tytso@....edu>
Cc: linux-ext4 <linux-ext4@...r.kernel.org>,
Andreas Dilger <adilger@...sterfs.com>
Subject: [e2fsprogs] Bug in salvage_directory
Hi Ted,
Recently, one of our customers found this message in pass2 of e2fsck while doing some regression testing:
"Entry '4, 0x695a, 0x81ff, 0x0040, 0x8320, 0xa192, 0x0021' in ??? (136554) has
rec_len of 14200, should be 26908."
Both the displayed rec_len and the "should be" value are bogus. The reason is that salvage_directory sets a offset beyond blocksize leading to bogus messages.
Signed-off-by: Kalpak Shah <kalpak@...sterfs.com>
Index: e2fsprogs-1.39/e2fsck/pass2.c
===================================================================
--- e2fsprogs-1.39.orig/e2fsck/pass2.c
+++ e2fsprogs-1.39/e2fsck/pass2.c
@@ -690,7 +690,10 @@ static void salvage_directory(ext2_filsy
*/
if (prev && dirent->rec_len && (dirent->rec_len % 4) == 0) {
prev->rec_len += dirent->rec_len;
- *offset += dirent->rec_len;
+ if (*offset + dirent->rec_len <= fs->blocksize)
+ *offset += dirent->rec_len;
+ else
+ *offset = fs->blocksize;
return;
}
/*
Thanks,
Kalpak.
-
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists