| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 12 Aug 2020 13:23:35 -0400
From: Peilin Ye <yepeilin.cs@...il.com>
To: Dan Carpenter <dan.carpenter@...cle.com>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
linux-fsdevel@...r.kernel.org,
linux-kernel-mentees@...ts.linuxfoundation.org,
syzkaller-bugs@...glegroups.com, linux-kernel@...r.kernel.org
Subject: Re: [Linux-kernel-mentees] [PATCH] hfs, hfsplus: Fix NULL pointer
dereference in hfs_find_init()
On Wed, Aug 12, 2020 at 11:59:04AM +0300, Dan Carpenter wrote:
> Yeah, the patch doesn't work at all. I looked at one call tree and it
> is:
>
> hfs_mdb_get() tries to allocate HFS_SB(sb)->ext_tree.
>
> HFS_SB(sb)->ext_tree = hfs_btree_open(sb, HFS_EXT_CNID, hfs_ext_keycmp);
> ^^^^^^^^
>
> hfs_btree_open() calls page = read_mapping_page(mapping, 0, NULL);
> read_mapping_page() calls mapping->a_ops->readpage() which leads to
> hfs_readpage() which leads to hfs_ext_read_extent() which calls
> res = hfs_find_init(HFS_SB(inode->i_sb)->ext_tree, &fd);
> ^^^^^^^^
Thank you for pointing this out! I will try to come up with a better way
to fix it.
Peilin Ye
> So we need ->ext_tree to be non-NULL before we can set ->ext_tree to be
> non-NULL... :/
>
> I wonder how long this has been broken and if we should just delete the
> AFS file system.
>
> regards,
> dan carpenter
>
Powered by blists - more mailing lists