| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20191023013112.18809-1-tytso@mit.edu>
Date: Tue, 22 Oct 2019 21:31:12 -0400
From: "Theodore Ts'o" <tytso@....edu>
To: Ext4 Developers List <linux-ext4@...r.kernel.org>
Cc: "Theodore Ts'o" <tytso@....edu>, stable@...nel.org
Subject: [PATCH] ext4: fix signed vs unsigned comparison in ext4_valid_extent()
Due to a signed vs unsigned comparison, an invalid extent where
ee_block (the logical block) is so large that lblk + len overflow
wasn't getting flagged as invalid.
As a result, we tripped the BUG_ON(end < lblk) in
ext4_es_cache_extent() when trying to mount a file system with a
corrupted journal inode was corrupted.
https://bugzilla.kernel.org/show_bug.cgi?id=205197
Signed-off-by: Theodore Ts'o <tytso@....edu>
Cc: stable@...nel.org
---
fs/ext4/extents.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c
index fb0f99dc8c22..d12bc287abdc 100644
--- a/fs/ext4/extents.c
+++ b/fs/ext4/extents.c
@@ -367,7 +367,7 @@ ext4_ext_max_entries(struct inode *inode, int depth)
static int ext4_valid_extent(struct inode *inode, struct ext4_extent *ext)
{
ext4_fsblk_t block = ext4_ext_pblock(ext);
- int len = ext4_ext_get_actual_len(ext);
+ unsigned int len = ext4_ext_get_actual_len(ext);
ext4_lblk_t lblock = le32_to_cpu(ext->ee_block);
/*
--
2.23.0
Powered by blists - more mailing lists