lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 1 Dec 2016 15:09:44 -0500 From: Theodore Ts'o <tytso@....edu> To: Eryu Guan <guaneryu@...il.com> Cc: linux-ext4@...r.kernel.org Subject: Re: [PATCH] ext4: validate s_first_meta_bg at mount time On Tue, Nov 29, 2016 at 01:57:17PM +0800, Eryu Guan wrote: > Ralf Spenneberg reported that he hit a kernel crash when mounting a > modified ext4 image. And it turns out that kernel crashed when > calculating fs overhead (ext4_calculate_overhead()), this is because > the image has very large s_first_meta_bg (debug code shows it's > 842150400), and ext4 overruns the memory in count_overhead() when > setting bitmap buffer, which is PAGE_SIZE. >... > Fix it by validating s_first_meta_bg first at mount time, and > refusing to mount if its value exceeds the largest possible meta_bg > number. > > Reported-by: Ralf Spenneberg <ralf@...t.de> > Signed-off-by: Eryu Guan <guaneryu@...il.com> Thanks, applied. And yes, I do believe you are right about e2fsck having an off-by-one error. Will fix. - Ted -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists