| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 7 Jun 2022 15:31:21 +0200
From: Lukas Czerner <lczerner@...hat.com>
To: Theodore Ts'o <tytso@....edu>
Cc: Ext4 Developers List <linux-ext4@...r.kernel.org>,
Nils Bars <nils.bars@....de>,
Moritz Schlögel <moritz.schloegel@....de>,
Nico Schiller <nico.schiller@....de>
Subject: Re: [PATCH 3/7] libext2fs: add check for too-short directory blocks
On Tue, Jun 07, 2022 at 12:24:40AM -0400, Theodore Ts'o wrote:
> If there is an inline data directory which is smaller than 8 bytes
> (which should never happen but for corrupted or fuzzed file systems),
> ext2fs_process_dir_block() will now abort EXT2_ET_DIR_CORRUPTED to
> avoid an out-of-bounds read.
Looks good.
Reviewed-by: Lukas Czerner <lczerner@...hat.com>
>
> Reported-by: Nils Bars <nils.bars@....de>
> Reported-by: Moritz Schlögel <moritz.schloegel@....de>
> Reported-by: Nico Schiller <nico.schiller@....de>
> Signed-off-by: Theodore Ts'o <tytso@....edu>
> ---
> lib/ext2fs/dir_iterate.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/lib/ext2fs/dir_iterate.c b/lib/ext2fs/dir_iterate.c
> index b2b77693..7798a482 100644
> --- a/lib/ext2fs/dir_iterate.c
> +++ b/lib/ext2fs/dir_iterate.c
> @@ -221,6 +221,10 @@ int ext2fs_process_dir_block(ext2_filsys fs,
> if (ext2fs_has_feature_metadata_csum(fs->super))
> csum_size = sizeof(struct ext2_dir_entry_tail);
>
> + if (buflen < 8) {
> + ctx->errcode = EXT2_ET_DIR_CORRUPTED;
> + return BLOCK_ABORT;
> + }
> while (offset < buflen - 8) {
> dirent = (struct ext2_dir_entry *) (ctx->buf + offset);
> if (ext2fs_get_rec_len(fs, dirent, &rec_len))
> --
> 2.31.0
>
Powered by blists - more mailing lists