lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 7 Jun 2022 15:31:21 +0200 From: Lukas Czerner <lczerner@...hat.com> To: Theodore Ts'o <tytso@....edu> Cc: Ext4 Developers List <linux-ext4@...r.kernel.org>, Nils Bars <nils.bars@....de>, Moritz Schlögel <moritz.schloegel@....de>, Nico Schiller <nico.schiller@....de> Subject: Re: [PATCH 3/7] libext2fs: add check for too-short directory blocks On Tue, Jun 07, 2022 at 12:24:40AM -0400, Theodore Ts'o wrote: > If there is an inline data directory which is smaller than 8 bytes > (which should never happen but for corrupted or fuzzed file systems), > ext2fs_process_dir_block() will now abort EXT2_ET_DIR_CORRUPTED to > avoid an out-of-bounds read. Looks good. Reviewed-by: Lukas Czerner <lczerner@...hat.com> > > Reported-by: Nils Bars <nils.bars@....de> > Reported-by: Moritz Schlögel <moritz.schloegel@....de> > Reported-by: Nico Schiller <nico.schiller@....de> > Signed-off-by: Theodore Ts'o <tytso@....edu> > --- > lib/ext2fs/dir_iterate.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/lib/ext2fs/dir_iterate.c b/lib/ext2fs/dir_iterate.c > index b2b77693..7798a482 100644 > --- a/lib/ext2fs/dir_iterate.c > +++ b/lib/ext2fs/dir_iterate.c > @@ -221,6 +221,10 @@ int ext2fs_process_dir_block(ext2_filsys fs, > if (ext2fs_has_feature_metadata_csum(fs->super)) > csum_size = sizeof(struct ext2_dir_entry_tail); > > + if (buflen < 8) { > + ctx->errcode = EXT2_ET_DIR_CORRUPTED; > + return BLOCK_ABORT; > + } > while (offset < buflen - 8) { > dirent = (struct ext2_dir_entry *) (ctx->buf + offset); > if (ext2fs_get_rec_len(fs, dirent, &rec_len)) > -- > 2.31.0 >
Powered by blists - more mailing lists