lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <6c65c23a-71f7-d31d-63b1-91919b933def@gmx.com>
Date:   Thu, 14 Mar 2019 15:59:35 +0800
From:   Qu Wenruo <quwenruo.btrfs@....com>
To:     Kangjie Lu <kjlu@....edu>
Cc:     pakki001@....edu, Chris Mason <clm@...com>,
        Josef Bacik <josef@...icpanda.com>,
        David Sterba <dsterba@...e.com>, linux-btrfs@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] btrfs: fix a NULL pointer dereference



On 2019/3/14 下午3:50, Kangjie Lu wrote:
> btrfs_lookup_block_group may fail and return NULL. The fix goes
> to out when it fails to avoid NULL pointer dereference.
> 
> Signed-off-by: Kangjie Lu <kjlu@....edu>
> ---
>  fs/btrfs/extent-tree.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c
> index 994f0cc41799..b1e7985bcb9d 100644
> --- a/fs/btrfs/extent-tree.c
> +++ b/fs/btrfs/extent-tree.c
> @@ -7303,6 +7303,8 @@ void btrfs_free_tree_block(struct btrfs_trans_handle *trans,
>  
>  		pin = 0;
>  		cache = btrfs_lookup_block_group(fs_info, buf->start);
> +		if (!cache)
> +			goto out;

The check itself is OK.

Reviewed-by: Qu Wenruo <wqu@...e.com>

The problem is, here we're freeing a tree block, if there is no block
group for it, we shouldn't be able to read the extent buffer out.

So it's near impossible to hit. (Unless there is some other things wrong)

Thanks,
Qu

>  
>  		if (btrfs_header_flag(buf, BTRFS_HEADER_FLAG_WRITTEN)) {
>  			pin_down_extent(fs_info, cache, buf->start,
> 



Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ