| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20191023054447.GE361298@sol.localdomain>
Date: Tue, 22 Oct 2019 22:44:47 -0700
From: Eric Biggers <ebiggers@...nel.org>
To: Theodore Ts'o <tytso@....edu>
Cc: Ext4 Developers List <linux-ext4@...r.kernel.org>,
stable@...nel.org
Subject: Re: [PATCH] ext4: fix signed vs unsigned comparison in
ext4_valid_extent()
On Tue, Oct 22, 2019 at 09:31:12PM -0400, Theodore Ts'o wrote:
> Due to a signed vs unsigned comparison, an invalid extent where
> ee_block (the logical block) is so large that lblk + len overflow
> wasn't getting flagged as invalid.
>
> As a result, we tripped the BUG_ON(end < lblk) in
> ext4_es_cache_extent() when trying to mount a file system with a
> corrupted journal inode was corrupted.
>
> https://bugzilla.kernel.org/show_bug.cgi?id=205197
>
> Signed-off-by: Theodore Ts'o <tytso@....edu>
> Cc: stable@...nel.org
> ---
> fs/ext4/extents.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c
> index fb0f99dc8c22..d12bc287abdc 100644
> --- a/fs/ext4/extents.c
> +++ b/fs/ext4/extents.c
> @@ -367,7 +367,7 @@ ext4_ext_max_entries(struct inode *inode, int depth)
> static int ext4_valid_extent(struct inode *inode, struct ext4_extent *ext)
> {
> ext4_fsblk_t block = ext4_ext_pblock(ext);
> - int len = ext4_ext_get_actual_len(ext);
> + unsigned int len = ext4_ext_get_actual_len(ext);
> ext4_lblk_t lblock = le32_to_cpu(ext->ee_block);
>
> /*
> --
> 2.23.0
>
This patch can't be fixing anything because the comparison is unsigned both
before and after this patch.
- Eric
Powered by blists - more mailing lists