| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Y0YQ42Z/XPuHZRS8@mit.edu>
Date: Tue, 11 Oct 2022 20:57:07 -0400
From: "Theodore Ts'o" <tytso@....edu>
To: Luís Henriques <lhenriques@...e.de>
Cc: Andreas Dilger <adilger.kernel@...ger.ca>,
linux-ext4@...r.kernel.org, linux-kernel@...r.kernel.org,
stable@...r.kernel.org
Subject: Re: [PATCH] ext4: fix BUG_ON() when a directory entry has an invalid
rec_len
On Tue, Oct 11, 2022 at 04:57:45PM +0100, Luís Henriques wrote:
> diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c
> index 3a31b662f661..06803292e394 100644
> --- a/fs/ext4/namei.c
> +++ b/fs/ext4/namei.c
> @@ -2254,8 +2254,18 @@ static int make_indexed_dir(handle_t *handle, struct ext4_filename *fname,
> memset(de, 0, len); /* wipe old data */
> de = (struct ext4_dir_entry_2 *) data2;
> top = data2 + len;
> - while ((char *)(de2 = ext4_next_entry(de, blocksize)) < top)
> + while ((char *)(de2 = ext4_next_entry(de, blocksize)) < top) {
> + if (de->rec_len & 3) {
As the kernel test bot as flaged, de->rec_len needs to be byte swapped
on big endian machines. Also, for block sizes larger than 64k the low
2 bits are used to encode rec_len sizes 256k-4. All of this is
encoded in ext4_rec_len_from_disk().
However, I think a better thing to do is instead of doing this one
check on rec len, that instead we call ext4_check_dir_entry(), which
will do this check, and many more besides. It will also avoid some
code duplication, since it will take care of calling EXT4_ERROR_INODE
with the appropriate explanatory message.
- Ted
Powered by blists - more mailing lists