| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 31 Mar 2020 13:33:03 +0200 From: Lukas Czerner <lczerner@...hat.com> To: Jan Kara <jack@...e.cz> Cc: Ted Tso <tytso@....edu>, linux-ext4@...r.kernel.org Subject: Re: [PATCH 2/2] ext2fs: Fix off-by-one in dx_grow_tree() On Mon, Mar 30, 2020 at 04:55:31PM +0200, Jan Kara wrote: > On Mon 30-03-20 15:27:12, Lukas Czerner wrote: > > On Mon, Mar 30, 2020 at 11:09:32AM +0200, Jan Kara wrote: > > > There is an off-by-one error in dx_grow_tree() when checking whether we > > > can add another level to the tree. Thus we can grow tree too much > > > leading to possible crashes in the library or corrupted filesystem. Fix > > > the bug. > > > > Looks good, thanks > > > > Reviewed-by: Lukas Czerner <lczerner@...hat.com> > > > > Don't we have basically the same off-by-one in > > e2fsck/pass1.c handle_htree() ? > > > > if ((root->indirect_levels > ext2_dir_htree_level(fs)) && > > fix_problem(ctx, PR_1_HTREE_DEPTH, pctx)) > > I don't think so. It is indeed correct for root->indirect_levels to be > equal to ext2_dir_htree_level(). However dx_grow_tree() is going to > increase root->indirect_levels by 1 which is where tree would become > invalid... > > Honza Hmm, are you sure ? I think the names are very confusing root->indirect_levels is zero based, while ext2_dir_htree_level() returns the maximum number of levels (that is 3 by default). If I am right then indirect_levels must always be smaller then ext2_dir_htree_level() and that is how we use it everywhere else - the palce I am pointing out is an exception and I think it's a bug. Indeed it looks like the bug got introduced in 3f0cf647539970474be8f607017ca7eccfc2fbbe - if ((root->indirect_levels > 1) && + if ((root->indirect_levels > ext2_dir_htree_level(fs)) && Or am I missing something ? -Lukas > > > > > > > Signed-off-by: Jan Kara <jack@...e.cz> > > > --- > > > lib/ext2fs/link.c | 2 +- > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > diff --git a/lib/ext2fs/link.c b/lib/ext2fs/link.c > > > index 7b5bb022117c..469eea8cd06d 100644 > > > --- a/lib/ext2fs/link.c > > > +++ b/lib/ext2fs/link.c > > > @@ -473,7 +473,7 @@ static errcode_t dx_grow_tree(ext2_filsys fs, ext2_ino_t dir, > > > ext2fs_le16_to_cpu(info->frames[i].head->limit)) > > > break; > > > /* Need to grow tree depth? */ > > > - if (i < 0 && info->levels > ext2_dir_htree_level(fs)) > > > + if (i < 0 && info->levels >= ext2_dir_htree_level(fs)) > > > return EXT2_ET_DIR_NO_SPACE; > > > lblk = size / fs->blocksize; > > > size += fs->blocksize; > > > -- > > > 2.16.4 > > > > > > -- > Jan Kara <jack@...e.com> > SUSE Labs, CR >
Powered by blists - more mailing lists