| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1418153416-17750-1-git-send-email-dmonakhov@openvz.org>
Date: Tue, 9 Dec 2014 23:30:16 +0400
From: Dmitry Monakhov <dmonakhov@...nvz.org>
To: linux-ext4@...r.kernel.org
Cc: Dmitry Monakhov <dmonakhov@...nvz.org>
Subject: [PATCH] ext2fs: fix integer overflow in rb_get_bmap_range
bmap_rb_extent is defined as __u64:blk __u64:count. So count can exceed INT_MAX on
populated filesystems
TESTCASE: xfstest ext4/004
Signed-off-by: Dmitry Monakhov <dmonakhov@...nvz.org>
---
lib/ext2fs/blkmap64_rb.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/ext2fs/blkmap64_rb.c b/lib/ext2fs/blkmap64_rb.c
index 8d1778d..e290ade 100644
--- a/lib/ext2fs/blkmap64_rb.c
+++ b/lib/ext2fs/blkmap64_rb.c
@@ -733,7 +733,7 @@ static errcode_t rb_get_bmap_range(ext2fs_generic_bitmap bitmap,
struct rb_node *parent = NULL, *next, **n;
struct ext2fs_rb_private *bp;
struct bmap_rb_extent *ext;
- int count;
+ __u64 count;
__u64 pos;
bp = (struct ext2fs_rb_private *) bitmap->private;
@@ -765,9 +765,9 @@ static errcode_t rb_get_bmap_range(ext2fs_generic_bitmap bitmap,
if (pos >= start + num)
break;
if (pos < start) {
- count -= start - pos;
- if (count < 0)
+ if (pos + count < start)
continue;
+ count -= start - pos;
pos = start;
}
if (pos + count > start + num)
--
1.8.3.1
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists