lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <bug-200015-13602-kOV89PCroe@https.bugzilla.kernel.org/>
Date:   Thu, 14 Jun 2018 23:35:50 +0000
From:   bugzilla-daemon@...zilla.kernel.org
To:     linux-ext4@...nel.org
Subject: [Bug 200015] BUG() triggered in ext4_get_group_info() when mounting
 and operating a crafted ext4 image

https://bugzilla.kernel.org/show_bug.cgi?id=200015

--- Comment #3 from Wen Xu (wen.xu@...ech.edu) ---
(In reply to Theodore Tso from comment #2)
> Thanks for the simplified POC.  But unfortunately that doesn't really tell
> me anything new.  What I need is a simplified POC *image*.
> 
> I can add a simplistic check to see if we get a negative group number in
> ext4_discard_preallocations(), but that's not the real root cause.  And it
> wouldn't be a complete solution, since we would have add gazillions of
> checks anywhere we use s_first_data_block.    It's much better if we can
> check s_first_data_block at mount time (which we do), and then make sure
> that it can't get corrupted afterwards.
> 
> So the real root cause is somehow, the superblock buffer has gotten
> corrupted.   We have a lot of checks to prevent this from happening ---
> that's what the ext4_data_block_valid() function in fs/ext4/block_validity.c
> is all about --- but obviously, we're missing a check somewhere.   The
> question is where.   If we had a simplified POC image, I could look to find
> the file system corruption that was causing the superblock to get trashed.  
> The problem is that there are so many random corruptions, many of them
> completely irrelevant to the bug at hand, that this is extremely difficult.

Yeah, I know. I will spend some time to make a simplified POC image for you :)

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ