lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20181003015443.GA22436@thunk.org> Date: Tue, 2 Oct 2018 21:54:43 -0400 From: "Theodore Y. Ts'o" <tytso@....edu> To: Lukas Czerner <lczerner@...hat.com> Cc: linux-ext4@...r.kernel.org Subject: Re: [PATCH] e2fsprogs: avoid segfault when s_nr_users is too high On Tue, Aug 14, 2018 at 04:37:53PM +0200, Lukas Czerner wrote: > Currently in e2fsprogs tools it's possible to access out of bounds > memory when reading list of ids sharing a journal log > (journal_superblock_t->s_users[]) in case where s_nr_users is too high. > > This is because we never check whether the s_nr_users fits into the > restriction of JFS_USERS_MAX. Fix it by checking that nr_users is not > bigger than JFS_USERS_MAX and error out when possiblem. > > Also add test for dumpe2fs. The rest would require involving external > journal which is not possible to test with e2fsprogs test suite at the > moment. > > Signed-off-by: Lukas Czerner <lczerner@...hat.com> Thanks, applied. - Ted
Powered by blists - more mailing lists