| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 4 Mar 2020 18:39:11 -0500 From: "Theodore Y. Ts'o" <tytso@....edu> To: Andreas Dilger <adilger@...mcloud.com> Cc: linux-ext4@...r.kernel.org Subject: Re: [PATCH] e2fsck: avoid overflow with very large dirs On Tue, Feb 11, 2020 at 06:07:21PM -0700, Andreas Dilger wrote: > In alloc_size_dir() it multiples signed ints when allocating the > buffer for rehashing an htree-indexed directory. This will overflow > when the directory size is above 4GB, which is possible with largedir > directories having about 100M entries, assuming an average 3/4 leaf > fullness and 24-byte filenames, or fewer with longer filenames. > The same problem exisgs in get_next_block(). > > Similarly, the out_dir struct used a signed int for the number of > blocks in the directory, which may result in a negative size if the > directory is over 2GB (about 50M entries or fewer). > > Use appropriate unsigned variables for block counts, and use larger > types for calculating the byte count for memory offsets/sizes. > > Such large directories not been seen yet, but are not too far away. > The ext2fs_get_array() function will properly calculate the needed > memory allocation, and detect overflow on 32-bit systems. > Add ext2fs_resize_array() to do the same for array resize. > > Signed-off-by: Andreas Dilger <adilger@...mcloud.com> > Lustre-bug-id: https://jira.whamcloud.com/browse/LU-13197 Applied, thanks. I had to make a slight change to fix a "merge conflict" with the patch. - Ted
Powered by blists - more mailing lists