| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 21 Oct 2013 19:59:54 +0800 From: Eryu Guan <guaneryu@...il.com> To: linux-ext4@...r.kernel.org Cc: Theodore Ts'o <tytso@....edu>, Lukáš Czerner <lczerner@...hat.com> Subject: Re: [PATCH v2] ext4: check for overlapping extents in ext4_valid_extent_entries() On Sun, Oct 20, 2013 at 09:27:27PM +0800, Eryu Guan wrote: > A corrupted ext4 may have out of order leaf extents, i.e. > > extent: lblk 0--1023, len 1024, pblk 9217, flags: LEAF UNINIT > extent: lblk 1000--2047, len 1024, pblk 10241, flags: LEAF UNINIT > ^^^^ overlap with previous extent > > Reading such extent could hit BUG_ON() in ext4_es_cache_extent(). > > BUG_ON(end < lblk); > > The problem is that __read_extent_tree_block() tries to cache holes as > well but assumes 'lblk' is greater than 'prev' and passes underflowed > length to ext4_es_cache_extent(). Fix it by checking for overlapping > extents in ext4_valid_extent_entries(). > > I hit this when fuzz testing ext4, and am able to reproduce it by > modifying the on-disk extent by hand. > > Ran xfstests on patched ext4 and no regression. > > Cc: "Theodore Ts'o" <tytso@....edu> > Cc: Lukáš Czerner <lczerner@...hat.com> > Signed-off-by: Eryu Guan <guaneryu@...il.com> Self NAK, I found problems in tests, will think about it more. Thanks, Eryu -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists