| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20161207120509.GF8394@quack2.suse.cz>
Date: Wed, 7 Dec 2016 13:05:09 +0100
From: Jan Kara <jack@...e.cz>
To: "Darrick J. Wong" <darrick.wong@...cle.com>
Cc: Theodore Ts'o <tytso@....edu>, Jan Kara <jack@...e.cz>,
linux-ext4 <linux-ext4@...r.kernel.org>
Subject: Re: [PATCH] ext2: reject inodes with negative size
On Tue 06-12-16 15:59:01, Darrick J. Wong wrote:
> Don't load an inode with a negative size; this causes integer overflow
> problems in the VFS.
>
> Signed-off-by: Darrick J. Wong <darrick.wong@...cle.com>
Thanks, I've added the patch to my tree.
Honza
> ---
> fs/ext2/inode.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/fs/ext2/inode.c b/fs/ext2/inode.c
> index 41b8b44..01f6d4b 100644
> --- a/fs/ext2/inode.c
> +++ b/fs/ext2/inode.c
> @@ -1476,6 +1476,10 @@ struct inode *ext2_iget (struct super_block *sb, unsigned long ino)
> inode->i_size |= ((__u64)le32_to_cpu(raw_inode->i_size_high)) << 32;
> else
> ei->i_dir_acl = le32_to_cpu(raw_inode->i_dir_acl);
> + if (i_size_read(inode) < 0) {
> + ret = -EFSCORRUPTED;
> + goto bad_inode;
> + }
> ei->i_dtime = 0;
> inode->i_generation = le32_to_cpu(raw_inode->i_generation);
> ei->i_state = 0;
--
Jan Kara <jack@...e.com>
SUSE Labs, CR
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists