| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20210422052448.29802-1-artem.blagodarenko@gmail.com>
Date: Thu, 22 Apr 2021 01:24:48 -0400
From: Artem Blagodarenko <artem.blagodarenko@...il.com>
To: linux-ext4@...r.kernel.org
Cc: adilger.kernel@...ger.ca,
Artem Blagodarenko <artem.blagodarenko@...il.com>,
Alexey Lyashkov <c17817@...y.com>,
Artem Blagodarenko <c17828@...y.com>
Subject: [PATCH] e2image: fix overflow in l2 table processing
For a large partition during e2image capture process
it is possible to overflow offset at multiply operation.
This leads to the situation when data is written to the
position at the start of the image instead of the image end.
Let's use the right cast to avoid integer overflow.
Signed-off-by: Alexey Lyashkov <c17817@...y.com>
Signed-off-by: Artem Blagodarenko <c17828@...y.com>
HPE-bug-id: LUS-9368
---
lib/ext2fs/qcow2.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/ext2fs/qcow2.c b/lib/ext2fs/qcow2.c
index ee701f7a..20824170 100644
--- a/lib/ext2fs/qcow2.c
+++ b/lib/ext2fs/qcow2.c
@@ -238,7 +238,7 @@ int qcow2_write_raw_image(int qcow2_fd, int raw_fd,
if (offset == 0)
continue;
- off_out = (l1_index * img.l2_size) +
+ off_out = ((__u64)l1_index * img.l2_size) +
l2_index;
off_out <<= img.cluster_bits;
ret = qcow2_copy_data(qcow2_fd, raw_fd, offset,
--
2.18.4
Powered by blists - more mailing lists