lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <Y0YQ42Z/XPuHZRS8@mit.edu> Date: Tue, 11 Oct 2022 20:57:07 -0400 From: "Theodore Ts'o" <tytso@....edu> To: Luís Henriques <lhenriques@...e.de> Cc: Andreas Dilger <adilger.kernel@...ger.ca>, linux-ext4@...r.kernel.org, linux-kernel@...r.kernel.org, stable@...r.kernel.org Subject: Re: [PATCH] ext4: fix BUG_ON() when a directory entry has an invalid rec_len On Tue, Oct 11, 2022 at 04:57:45PM +0100, Luís Henriques wrote: > diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c > index 3a31b662f661..06803292e394 100644 > --- a/fs/ext4/namei.c > +++ b/fs/ext4/namei.c > @@ -2254,8 +2254,18 @@ static int make_indexed_dir(handle_t *handle, struct ext4_filename *fname, > memset(de, 0, len); /* wipe old data */ > de = (struct ext4_dir_entry_2 *) data2; > top = data2 + len; > - while ((char *)(de2 = ext4_next_entry(de, blocksize)) < top) > + while ((char *)(de2 = ext4_next_entry(de, blocksize)) < top) { > + if (de->rec_len & 3) { As the kernel test bot as flaged, de->rec_len needs to be byte swapped on big endian machines. Also, for block sizes larger than 64k the low 2 bits are used to encode rec_len sizes 256k-4. All of this is encoded in ext4_rec_len_from_disk(). However, I think a better thing to do is instead of doing this one check on rec len, that instead we call ext4_check_dir_entry(), which will do this check, and many more besides. It will also avoid some code duplication, since it will take care of calling EXT4_ERROR_INODE with the appropriate explanatory message. - Ted
Powered by blists - more mailing lists