lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 28 May 2012 14:24:38 -0400 From: Ted Ts'o <tytso@....edu> To: Haogang Chen <haogangchen@...il.com> Cc: Andreas Dilger <adilger.kernel@...ger.ca>, linux-ext4@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] FS: ext4: fix integer overflow in alloc_flex_gd() On Mon, Feb 20, 2012 at 05:41:24PM -0500, Haogang Chen wrote: > In alloc_flex_gd(), when flexbg_size is large, kmalloc size would > overflow and flex_gd->groups would point to a buffer smaller than > expected, causing OOB accesses when it is used. > > Note that in ext4_resize_fs(), flexbg_size is calculated using > sbi->s_log_groups_per_flex, which is read from the disk and only bounded > to [1, 31]. The patch returns NULL for too large flexbg_size. > > Signed-off-by: Haogang Chen <haogangchen@...il.com> Thanks, applied. Apologies for missing this during the last cycle. - Ted -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists