| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <166771539910.127460.13255978172835793776.b4-ty@mit.edu>
Date: Sun, 6 Nov 2022 01:16:51 -0500
From: "Theodore Ts'o" <tytso@....edu>
To: Luís Henriques <lhenriques@...e.de>,
Andreas Dilger <adilger.kernel@...ger.ca>
Cc: "Theodore Ts'o" <tytso@....edu>, linux-kernel@...r.kernel.org,
stable@...r.kernel.org, linux-ext4@...r.kernel.org
Subject: Re: [PATCH v2] ext4: fix BUG_ON() when directory entry has invalid rec_len
On Wed, 12 Oct 2022 14:13:30 +0100, Luís Henriques wrote:
> The rec_len field in the directory entry has to be a multiple of 4. A
> corrupted filesystem image can be used to hit a BUG() in
> ext4_rec_len_to_disk(), called from make_indexed_dir().
>
> ------------[ cut here ]------------
> kernel BUG at fs/ext4/ext4.h:2413!
> ...
> RIP: 0010:make_indexed_dir+0x53f/0x5f0
> ...
> Call Trace:
> <TASK>
> ? add_dirent_to_buf+0x1b2/0x200
> ext4_add_entry+0x36e/0x480
> ext4_add_nondir+0x2b/0xc0
> ext4_create+0x163/0x200
> path_openat+0x635/0xe90
> do_filp_open+0xb4/0x160
> ? __create_object.isra.0+0x1de/0x3b0
> ? _raw_spin_unlock+0x12/0x30
> do_sys_openat2+0x91/0x150
> __x64_sys_open+0x6c/0xa0
> do_syscall_64+0x3c/0x80
> entry_SYSCALL_64_after_hwframe+0x46/0xb0
>
> [...]
Applied, thanks!
[1/1] ext4: fix BUG_ON() when directory entry has invalid rec_len
commit: 17a0bc9bd697f75cfdf9b378d5eb2d7409c91340
Best regards,
--
Theodore Ts'o <tytso@....edu>
Powered by blists - more mailing lists