| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 31 Aug 2018 14:56:46 +0100
From: Colin Ian King <colin.king@...onical.com>
To: Al Viro <viro@...IV.linux.org.uk>
Cc: linux-fsdevel@...r.kernel.org, David Howells <dhowells@...hat.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: fs: hfs: Possible issue with increment of extent
On 31/08/18 14:56, Al Viro wrote:
> On Fri, Aug 31, 2018 at 02:39:11PM +0100, Colin Ian King wrote:
>> Hi,
>>
>> Static analysis has picked up a potential issue with an out of bounds
>> read in fs/hfs/extent.c; the following for-loop in hfs_free_fork()
>> increments i and also extent while also reading extent[i].count. This
>> looks incorrect to me, I think the increment of extent is not needed:
>>
>> for (i = 0; i < 3; extent++, i++)
>> blocks += be16_to_cpu(extent[i].count);
>>
>> res = hfs_free_extents(sb, extent, blocks, blocks);
>>
>> I'm not familiar enough with the code to conclude that removing the
>> increment of extent is necessary a correct fix just in case I'm missing
>> something subtle here.
>
> Goes back to commit d1081202f1d0 (in bk-to-git historical tree)
> Author: Andrew Morton <akpm@...l.org>
> Date: Wed Feb 25 16:17:36 2004 -0800
>
> [PATCH] HFS rewrite
>
> From: Roman Zippel <zippel@...ux-m68k.org>
>
> and it's almost certainly a bug in there, judging by the code nearby...
>
OK, I'll send a fix then.
Colin
Powered by blists - more mailing lists