| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <bug-200933-13602-Z0CU2e0tu3@https.bugzilla.kernel.org/> Date: Fri, 31 Aug 2018 17:31:15 +0000 From: bugzilla-daemon@...zilla.kernel.org To: linux-ext4@...nel.org Subject: [Bug 200933] Divide zero in __ext4_check_dir_entry https://bugzilla.kernel.org/show_bug.cgi?id=200933 --- Comment #4 from Theodore Tso (tytso@....edu) --- Revised description: ext4: avoid divide by zero fault when deleting corrupted inline directories A specially crafted file system can trick empty_inline_dir() into reading past the last valid entry in a inline directory, and then run into the end of xattr marker. This will trigger a divide by zero fault. Fix this by using the size of the inline directory instead of dir->i_size. Also clean up error reporting in __ext4_check_dir_entry so that the message is clearer and more understandable --- and avoids the division by zero trap if the size passed in is zero. (I'm not sure why we coded it that way in the first place; printing offset % size is actually more confusing and less useful.) https://bugzilla.kernel.org/show_bug.cgi?id=200933 Signed-off-by: Theodore Ts'o <tytso@....edu> Reported-by: Wen Xu <wen.xu@...ech.edu> Cc: stable@...r.kernel.org -- You are receiving this mail because: You are watching the assignee of the bug.
Powered by blists - more mailing lists