lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20161110171346.GA31098@quack2.suse.cz>
Date:   Thu, 10 Nov 2016 18:13:46 +0100
From:   Jan Kara <jack@...e.cz>
To:     Chandan Rajendra <chandan@...ux.vnet.ibm.com>
Cc:     linux-ext4@...r.kernel.org, tytso@....edu, jack@...e.cz,
        adilger@...ger.ca
Subject: Re: [PATCH V2] ext4: ext4_mb_seq_groups_show: Fix stack memory
 corruption

On Thu 10-11-16 11:16:04, Chandan Rajendra wrote:
> The number of 'counters' elements needed in 'struct sg' is
> super_block->s_blocksize_bits + 2. Presently we have 16 'counters'
> elements in the array. This is insufficient for block sizes >= 32k. In
> such cases the memcpy operation performed in ext4_mb_seq_groups_show()
> would cause stack memory corruption.
> 
> Signed-off-by: Chandan Rajendra <chandan@...ux.vnet.ibm.com>

Looks good. You can add:

Reviewed-by: Jan Kara <jack@...e.cz>

								Honza

> ---
> Changelog: 
> v1->v2: Use EXT4_MAX_BLOCK_LOG_SIZE instead of the integer constant 16.
> 
>  fs/ext4/mballoc.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c
> index a937ac7..7ae43c5 100644
> --- a/fs/ext4/mballoc.c
> +++ b/fs/ext4/mballoc.c
> @@ -2287,7 +2287,7 @@ static int ext4_mb_seq_groups_show(struct seq_file *seq, void *v)
>  	struct ext4_group_info *grinfo;
>  	struct sg {
>  		struct ext4_group_info info;
> -		ext4_grpblk_t counters[16];
> +		ext4_grpblk_t counters[EXT4_MAX_BLOCK_LOG_SIZE + 2];
>  	} sg;
>  
>  	group--;
> -- 
> 2.5.5
> 
-- 
Jan Kara <jack@...e.com>
SUSE Labs, CR
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ