| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 20 Jul 2018 20:19:19 +0100
From: Ben Hutchings <ben.hutchings@...ethink.co.uk>
To: Anatoly Trosinenko <anatoly.trosinenko@...il.com>,
Jan Kara <jack@...e.cz>
Cc: stable@...r.kernel.org,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH 4.4 095/105] udf: Detect incorrect directory size
On Sun, 2018-07-01 at 18:02 +0200, Greg Kroah-Hartman wrote:
> 4.4-stable review patch. If anyone has any objections, please let me know.
>
> ------------------
>
> From: Jan Kara <jack@...e.cz>
>
> commit fa65653e575fbd958bdf5fb9c4a71a324e39510d upstream.
>
> Detect when a directory entry is (possibly partially) beyond directory
> size and return EIO in that case since it means the filesystem is
> corrupted. Otherwise directory operations can further corrupt the
> directory and possibly also oops the kernel.
[...]
> --- a/fs/udf/directory.c
> +++ b/fs/udf/directory.c
> @@ -150,6 +150,9 @@ struct fileIdentDesc *udf_fileident_read
> sizeof(struct fileIdentDesc));
> }
> }
> + /* Got last entry outside of dir size - fs is corrupted! */
> + if (*nf_pos > dir->i_size)
> + return NULL;
> return fi;
> }
>
Is the same check needed when iinfo->i_alloc_type ==
ICBTAG_FLAG_AD_IN_ICB?
Ben.
--
Ben Hutchings, Software Developer Codethink Ltd
https://www.codethink.co.uk/ Dale House, 35 Dale Street
Manchester, M1 2HF, United Kingdom
Powered by blists - more mailing lists