| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <3C498AE4-D26A-41AD-A862-EE1C80290C7B@gmail.com> Date: Mon, 26 Dec 2011 21:26:22 -0500 From: Xi Wang <xi.wang@...il.com> To: Andreas Dilger <aedilger@...il.com> Cc: Theodore Ts'o <tytso@....edu>, Andreas Dilger <adilger.kernel@...ger.ca>, "linux-ext4@...r.kernel.org" <linux-ext4@...r.kernel.org> Subject: Re: [PATCH] ext4: avoid oversized shift in ext4_fill_flex_info() On Dec 26, 2011, at 2:20 AM, Andreas Dilger wrote: > While this is true in theory, it is not possible to have 2^32 groups per flex group. This would mean 2^32 block bitmaps and inode bitmaps in a single group, which is impossible. This patch is based on commit 503358ae "ext4: avoid divide by zero when trying to mount a corrupted file system", as I quote: "If s_log_groups_per_flex is greater than 31, then groups_per_flex will will overflow and cause a divide by zero error." The intent is to avoid oversized shift in that commit, because the behavior is undefined in C and may vary on different architectures. My understanding is that sbi->s_es->s_log_groups_per_flex needs a sanity check if it is read from a malicious or corrupted filesystem in ext4_fill_flex_info(), which is called from ext4_fill_super(). Did I miss anything? - xi-- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists