lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:	Fri, 12 Jun 2009 09:04:32 -0700 (PDT)
From:	number9652 <number9652@...oo.com>
To:	linux-ext4@...r.kernel.org
Subject: [PATCH] libext2fs: ensure validate_entry doesn't read beyond blocksize


ext2fs_validate_entry would read beyond the end of the block to get dirent->rec_len for certain arguments (like if blocksize == final_offset).  This patch adds a check so that doesn't happen, and changes the types of the arguments to avoid a compiler warning.

Signed-off-by: Nic Case <number9652@...oo.com>

diff --git a/e2fsprogs-1.41.5-orig/lib/ext2fs/dir_iterate.c b/e2fsprogs-1.41.5/lib/ext2fs/dir_iterate.c
index 1f8cf8f..6be066c 100644
--- a/e2fsprogs-1.41.5-orig/lib/ext2fs/dir_iterate.c
+++ b/e2fsprogs-1.41.5/lib/ext2fs/dir_iterate.c
@@ -29,13 +29,15 @@
  * undeleted entry.  Returns 1 if the deleted entry looks valid, zero
  * if not valid.
  */
-static int ext2fs_validate_entry(ext2_filsys fs, char *buf, int offset,
-				 int final_offset)
+static int ext2fs_validate_entry(ext2_filsys fs, char *buf,
+				 unsigned int offset,
+				 unsigned int final_offset)
 {
 	struct ext2_dir_entry *dirent;
 	int	rec_len;
+	int dirent_min_len = 12;
 
-	while (offset < final_offset) {
+	while (offset < final_offset &&	offset <= fs->blocksize - dirent_min_len) {
 		dirent = (struct ext2_dir_entry *)(buf + offset);
 		rec_len = (dirent->rec_len || fs->blocksize < 65536) ?
 			dirent->rec_len : 65536;



      

--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists