| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20151130202804.GG4316@thunk.org> Date: Mon, 30 Nov 2015 15:28:04 -0500 From: Theodore Ts'o <tytso@....edu> To: Andreas Dilger <andreas.dilger@...el.com> Cc: linux-ext4@...r.kernel.org Subject: Re: [PATCH 1/2] libext2fs: fix block-mapped file punch On Thu, Nov 19, 2015 at 01:13:18AM -0700, Andreas Dilger wrote: > If ext2fs_punch() was called with "end = ~0ULL" to indicate truncate > to the end of file it tried to compute "count" for ext2fs_punch_ind() > based on "start" and "end", but incorrectly passed "count = ~0U" even > when "start" was non-zero, causing an overflow in some cases. > > The calling convention for ext2fs_punch_ind() was also gratuitously > different from ext2fs_punch() and ext2fs_punch_extent(), passing > "count" instead of "end" as the last parameter. Fix this by passing > it "end" like the other functions, and handle "count" internally. > > Add checks to ext2fs_punch_ind() if "end" is at or beyond the 2^32 > indirect block limit so the 32-bit internal variables don't overflow. > > Signed-off-by: Andreas Dilger <andreas.dilger@...el.com> Thanks, applied. - Ted -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists