lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 28 Mar 2022 09:12:27 -0700 From: Tadeusz Struk <tadeusz.struk@...aro.org> To: linux-ext4@...r.kernel.org Cc: Andreas Dilger <adilger.kernel@...ger.ca>, Ritesh Harjani <riteshh@...ux.ibm.com>, stable@...r.kernel.org, linux-kernel@...r.kernel.org, syzbot+7a806094edd5d07ba029@...kaller.appspotmail.com, tytso@....edu Subject: Re: [PATCH v2] ext4: check if offset+length is valid in fallocate On 3/15/22 14:54, Tadeusz Struk wrote: > Syzbot found an issue [1] in ext4_fallocate(). > The C reproducer [2] calls fallocate(), passing size 0xffeffeff000ul, > and offset 0x1000000ul, which, when added together exceed the disk size, > and trigger a BUG in ext4_ind_remove_space() [3]. > According to the comment doc in ext4_ind_remove_space() the 'end' block > parameter needs to be one block after the last block to remove. > In the case when the BUG is triggered it points to the last block on > a 4GB virtual disk image. This is calculated in > ext4_ind_remove_space() in [4]. > This patch adds a check that ensure the length + offest to be > within the valid range and returns -ENOSPC error code in case > it is invalid. Hi, Any feedback on this? -- Thanks, Tadeusz
Powered by blists - more mailing lists