lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 10 Nov 2016 18:13:46 +0100 From: Jan Kara <jack@...e.cz> To: Chandan Rajendra <chandan@...ux.vnet.ibm.com> Cc: linux-ext4@...r.kernel.org, tytso@....edu, jack@...e.cz, adilger@...ger.ca Subject: Re: [PATCH V2] ext4: ext4_mb_seq_groups_show: Fix stack memory corruption On Thu 10-11-16 11:16:04, Chandan Rajendra wrote: > The number of 'counters' elements needed in 'struct sg' is > super_block->s_blocksize_bits + 2. Presently we have 16 'counters' > elements in the array. This is insufficient for block sizes >= 32k. In > such cases the memcpy operation performed in ext4_mb_seq_groups_show() > would cause stack memory corruption. > > Signed-off-by: Chandan Rajendra <chandan@...ux.vnet.ibm.com> Looks good. You can add: Reviewed-by: Jan Kara <jack@...e.cz> Honza > --- > Changelog: > v1->v2: Use EXT4_MAX_BLOCK_LOG_SIZE instead of the integer constant 16. > > fs/ext4/mballoc.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c > index a937ac7..7ae43c5 100644 > --- a/fs/ext4/mballoc.c > +++ b/fs/ext4/mballoc.c > @@ -2287,7 +2287,7 @@ static int ext4_mb_seq_groups_show(struct seq_file *seq, void *v) > struct ext4_group_info *grinfo; > struct sg { > struct ext4_group_info info; > - ext4_grpblk_t counters[16]; > + ext4_grpblk_t counters[EXT4_MAX_BLOCK_LOG_SIZE + 2]; > } sg; > > group--; > -- > 2.5.5 > -- Jan Kara <jack@...e.com> SUSE Labs, CR -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists