| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 30 Mar 2020 11:09:32 +0200 From: Jan Kara <jack@...e.cz> To: Ted Tso <tytso@....edu> Cc: <linux-ext4@...r.kernel.org>, Jan Kara <jack@...e.cz> Subject: [PATCH 2/2] ext2fs: Fix off-by-one in dx_grow_tree() There is an off-by-one error in dx_grow_tree() when checking whether we can add another level to the tree. Thus we can grow tree too much leading to possible crashes in the library or corrupted filesystem. Fix the bug. Signed-off-by: Jan Kara <jack@...e.cz> --- lib/ext2fs/link.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/ext2fs/link.c b/lib/ext2fs/link.c index 7b5bb022117c..469eea8cd06d 100644 --- a/lib/ext2fs/link.c +++ b/lib/ext2fs/link.c @@ -473,7 +473,7 @@ static errcode_t dx_grow_tree(ext2_filsys fs, ext2_ino_t dir, ext2fs_le16_to_cpu(info->frames[i].head->limit)) break; /* Need to grow tree depth? */ - if (i < 0 && info->levels > ext2_dir_htree_level(fs)) + if (i < 0 && info->levels >= ext2_dir_htree_level(fs)) return EXT2_ET_DIR_NO_SPACE; lblk = size / fs->blocksize; size += fs->blocksize; -- 2.16.4
Powered by blists - more mailing lists