| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20170723045035.26019-3-tytso@mit.edu>
Date: Sun, 23 Jul 2017 00:50:33 -0400
From: Theodore Ts'o <tytso@....edu>
To: Ext4 Developers List <linux-ext4@...r.kernel.org>
Cc: abuchbinder@...gle.com, Theodore Ts'o <tytso@....edu>
Subject: [PATCH 3/5] libext2fs: add stricter checks on the inode size in ext2fs_open2()
An inode size larger than the block size can cause userspace programs
to crash.
This problem was found using American Fuzzy Lop.
Reported-by: Adam Buchbinder <abuchbinder@...gle.com>
Signed-off-by: Theodore Ts'o <tytso@....edu>
---
lib/ext2fs/openfs.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/lib/ext2fs/openfs.c b/lib/ext2fs/openfs.c
index 0362b2839..da03bc147 100644
--- a/lib/ext2fs/openfs.c
+++ b/lib/ext2fs/openfs.c
@@ -121,6 +121,7 @@ errcode_t ext2fs_open2(const char *name, const char *io_options,
blk64_t group_block, blk;
char *dest, *cp;
int group_zero_adjust = 0;
+ int inode_size;
#ifdef WORDS_BIGENDIAN
unsigned int groups_per_block;
struct ext2_group_desc *gdp;
@@ -297,7 +298,10 @@ errcode_t ext2fs_open2(const char *name, const char *io_options,
goto cleanup;
}
fs->fragsize = fs->blocksize = EXT2_BLOCK_SIZE(fs->super);
- if (EXT2_INODE_SIZE(fs->super) < EXT2_GOOD_OLD_INODE_SIZE) {
+ inode_size = EXT2_INODE_SIZE(fs->super);
+ if ((inode_size < EXT2_GOOD_OLD_INODE_SIZE) ||
+ (inode_size > fs->blocksize) ||
+ (inode_size & (inode_size - 1))) {
retval = EXT2_ET_CORRUPT_SUPERBLOCK;
goto cleanup;
}
--
2.11.0.rc0.7.gbe5a750
Powered by blists - more mailing lists