lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 23 Aug 2022 12:00:19 +0200 From: Lukas Czerner <lczerner@...hat.com> To: Jan Kara <jack@...e.cz> Cc: Ted Tso <tytso@....edu>, linux-ext4@...r.kernel.org, Salvatore Bonaccorso <carnil@...ian.org>, stable@...r.kernel.org Subject: Re: [PATCH] ext4: Fix check for block being out of directory size On Mon, Aug 22, 2022 at 01:48:32PM +0200, Jan Kara wrote: > The check in __ext4_read_dirblock() for block being outside of directory > size was wrong because it compared block number against directory size > in bytes. Fix it. Good catch, thanks! Reviewed-by: Lukas Czerner <lczerner@...hat.com> > > Fixes: 65f8ea4cd57d ("ext4: check if directory block is within i_size") > CVE: CVE-2022-1184 > CC: stable@...r.kernel.org > Signed-off-by: Jan Kara <jack@...e.cz> > --- > fs/ext4/namei.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c > index 3a31b662f661..bc2e0612ec32 100644 > --- a/fs/ext4/namei.c > +++ b/fs/ext4/namei.c > @@ -126,7 +126,7 @@ static struct buffer_head *__ext4_read_dirblock(struct inode *inode, > struct ext4_dir_entry *dirent; > int is_dx_block = 0; > > - if (block >= inode->i_size) { > + if (block >= inode->i_size >> inode->i_blkbits) { > ext4_error_inode(inode, func, line, block, > "Attempting to read directory block (%u) that is past i_size (%llu)", > block, inode->i_size); > -- > 2.35.3 >
Powered by blists - more mailing lists