lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 12 Jun 2009 09:04:32 -0700 (PDT) From: number9652 <number9652@...oo.com> To: linux-ext4@...r.kernel.org Subject: [PATCH] libext2fs: ensure validate_entry doesn't read beyond blocksize ext2fs_validate_entry would read beyond the end of the block to get dirent->rec_len for certain arguments (like if blocksize == final_offset). This patch adds a check so that doesn't happen, and changes the types of the arguments to avoid a compiler warning. Signed-off-by: Nic Case <number9652@...oo.com> diff --git a/e2fsprogs-1.41.5-orig/lib/ext2fs/dir_iterate.c b/e2fsprogs-1.41.5/lib/ext2fs/dir_iterate.c index 1f8cf8f..6be066c 100644 --- a/e2fsprogs-1.41.5-orig/lib/ext2fs/dir_iterate.c +++ b/e2fsprogs-1.41.5/lib/ext2fs/dir_iterate.c @@ -29,13 +29,15 @@ * undeleted entry. Returns 1 if the deleted entry looks valid, zero * if not valid. */ -static int ext2fs_validate_entry(ext2_filsys fs, char *buf, int offset, - int final_offset) +static int ext2fs_validate_entry(ext2_filsys fs, char *buf, + unsigned int offset, + unsigned int final_offset) { struct ext2_dir_entry *dirent; int rec_len; + int dirent_min_len = 12; - while (offset < final_offset) { + while (offset < final_offset && offset <= fs->blocksize - dirent_min_len) { dirent = (struct ext2_dir_entry *)(buf + offset); rec_len = (dirent->rec_len || fs->blocksize < 65536) ? dirent->rec_len : 65536; -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists