lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20200229232559.GA38945@mit.edu>
Date:   Sat, 29 Feb 2020 18:25:59 -0500
From:   "Theodore Y. Ts'o" <tytso@....edu>
To:     Andreas Dilger <adilger@...mcloud.com>
Cc:     linux-ext4@...r.kernel.org
Subject: Re: [PATCH 1/9] e2fsck: fix e2fsck_allocate_memory() overflow

On Thu, Feb 06, 2020 at 06:09:38PM -0700, Andreas Dilger wrote:
> e2fsck_allocate_memory() takes an "unsigned int size" argument, which
> will overflow for allocations above 4GB.  This happens for dir_info
> and dx_dir_info arrays when there are more than 350M directories in a
> filesystem, and for the dblist array above 180M directories.
> 
> There is also a risk of overflow during the binary search in both
> e2fsck_get_dir_info() and e2fsck_get_dx_dir_info() when the midpoint
> of the array is calculated, if there would be more than 2B directories
> in the filesystem and working above the half way point.
> 
> Also, in some places inode numbers are "int" instead of "ext2_ino_t",
> which can also cause problems with the array size calculations, and
> makes it hard to identify where inode numbers are used.
> 
> Fix e2fsck_allocate_memory() to take an "unsigned long" argument to
> match ext2fs_get_mem(), so that it can do single memory allocations
> over 4GB.
> 
> Fix e2fsck_get_dir_info() and e2fsck_get_dx_dir_info() to temporarily
> use an unsigned long long value to calculate the midpoint (which will
> always fit into an ext2_ino_t again afterward).
> 
> Change variables that hold inode numbers to be ext2_ino_t, and print
> them as unsigned values instead of printing negative inode numbers.
> 
> Signed-off-by: Andreas Dilger <adilger@...mcloud.com>
> Reviewed-by: Shilong Wang <wshilong@....com>
> Lustre-bug-id: https://jira.whamcloud.com/browse/LU-13197

Applied, thanks.

					- Ted

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ