Message-ID: <20171116115058.110552-2-yuchao0@huawei.com>
Date:   Thu, 16 Nov 2017 19:50:56 +0800
From:   Chao Yu <yuchao0@...wei.com>
To:     <jaegeuk@...nel.org>
CC:     <linux-f2fs-devel@...ts.sourceforge.net>,
        <linux-kernel@...r.kernel.org>, <chao@...nel.org>,
        Chao Yu <yuchao0@...wei.com>
Subject: [PATCH 2/4] fsck.f2fs: fix potential stack overflow issue

In fsck_chk_inode_blk, we allocate 256 bytes of memory on the stack before
traversing sub-directories recursively. This is not safe; in order to avoid a
potential stack overflow, use malloc instead.

Signed-off-by: Chao Yu <yuchao0@...wei.com>
---
 fsck/fsck.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/fsck/fsck.c b/fsck/fsck.c
index ec8871278464..11b8b0b8303d 100644
--- a/fsck/fsck.c
+++ b/fsck/fsck.c
@@ -633,7 +633,7 @@ void fsck_chk_inode_blk(struct f2fs_sb_info *sbi, u32 nid,
 	u64 i_size = le64_to_cpu(node_blk->i.i_size);
 	u64 i_blocks = le64_to_cpu(node_blk->i.i_blocks);
 	int ofs = get_extra_isize(node_blk);
-	unsigned char en[F2FS_NAME_LEN + 1];
+	unsigned char *en;
 	int namelen;
 	unsigned int idx = 0;
 	int need_fix = 0;
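Review bot: the `en` declaration in this hunk becomes an uninitialized pointer while its allocation only happens later in the function at `skip_blkcnt_fix:`; initialize it here (`unsigned char *en = NULL;`) so that any exit path reached before the allocation cannot pass a garbage pointer to `free()` or to a name-conversion call. Also worth checking in the rest of the function (not visible in this diff) that no `sizeof(en)` remained, since it now yields the pointer size rather than `F2FS_NAME_LEN + 1`.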
@@ -838,6 +838,9 @@ check:
 		}
 	}
 skip_blkcnt_fix:
+	en = malloc(F2FS_NAME_LEN + 1);
+	ASSERT(en);
+
 	namelen = convert_encrypted_name(node_blk->i.i_name,
 					le32_to_cpu(node_blk->i.i_namelen),
 					en, file_enc_name(&node_blk->i));
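Review bot: `ASSERT(en)` right after the `malloc(F2FS_NAME_LEN + 1)` turns a failed 256-byte allocation into an abort of the whole fsck run, which is a harsher failure mode than the stack array it replaces; if fsck has a way to report and skip this inode, consider using it instead of aborting. Since this function recurses into sub-directories, every path that leaves the function after this line must reach the matching `free(en)`, otherwise the per-inode leak accumulates with directory depth.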
@@ -879,6 +882,9 @@ skip_blkcnt_fix:
 			}
 		}
 	}
+
+	free(en);
+
 	if (ftype == F2FS_FT_SYMLINK && i_blocks && i_size == 0) {
 		DBG(1, "ino: 0x%x i_blocks: %lu with zero i_size",
 						nid, (unsigned long)i_blocks);
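Review bot: the `free(en)` is placed mid-function, before the symlink check, rather than at the function's exit, so it relies on no code after this point touching `en` and on no early `return` between the `convert_encrypted_name()` call and here; that cannot be confirmed from the lines shown. A more robust layout is to free at a single exit label and leave `en` untouched in between, or to set `en = NULL` after the `free()` so a later accidental use fails loudly rather than as a use-after-free.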
-- 
2.15.0.55.gc2ece9dc4de6
