lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon,  2 Nov 2020 15:15:36 -0500
From:   Tong Zhang <ztong0001@...il.com>
To:     Anders Larsen <al@...rsen.net>, linux-kernel@...r.kernel.org
Cc:     ztong0001@...il.com
Subject: [PATCH v2] qnx4: do not interpret -EIO as a correct address

qnx4_block_map() may return -EIO on funny qnx4 fs image, in this case do
not interpret -EIO as a correct address

Signed-off-by: Tong Zhang <ztong0001@...il.com>
---
v2: also check other callers according to Anders Larsen's<al@...rsen.net> comment
 fs/qnx4/dir.c   | 2 ++
 fs/qnx4/inode.c | 2 ++
 fs/qnx4/namei.c | 3 +++
 3 files changed, 7 insertions(+)

diff --git a/fs/qnx4/dir.c b/fs/qnx4/dir.c
index a6ee23aadd28..11aaf59f0411 100644
--- a/fs/qnx4/dir.c
+++ b/fs/qnx4/dir.c
@@ -31,6 +31,8 @@ static int qnx4_readdir(struct file *file, struct dir_context *ctx)
 
 	while (ctx->pos < inode->i_size) {
 		blknum = qnx4_block_map(inode, ctx->pos >> QNX4_BLOCK_SIZE_BITS);
+		if (blknum == -EIO)
+			return -EIO;
 		bh = sb_bread(inode->i_sb, blknum);
 		if (bh == NULL) {
 			printk(KERN_ERR "qnx4_readdir: bread failed (%ld)\n", blknum);
diff --git a/fs/qnx4/inode.c b/fs/qnx4/inode.c
index e8da1cde87b9..d3a40c5b1a9a 100644
--- a/fs/qnx4/inode.c
+++ b/fs/qnx4/inode.c
@@ -59,6 +59,8 @@ static int qnx4_get_block( struct inode *inode, sector_t iblock, struct buffer_h
 	QNX4DEBUG((KERN_INFO "qnx4: qnx4_get_block inode=[%ld] iblock=[%ld]\n",inode->i_ino,iblock));
 
 	phys = qnx4_block_map( inode, iblock );
+	if (phys == -EIO)
+		return -EIO;
 	if ( phys ) {
 		// logical block is before EOF
 		map_bh(bh, inode->i_sb, phys);
diff --git a/fs/qnx4/namei.c b/fs/qnx4/namei.c
index 8d72221735d7..164e0c07e3ff 100644
--- a/fs/qnx4/namei.c
+++ b/fs/qnx4/namei.c
@@ -66,6 +66,8 @@ static struct buffer_head *qnx4_find_entry(int len, struct inode *dir,
 	while (blkofs * QNX4_BLOCK_SIZE + offset < dir->i_size) {
 		if (!bh) {
 			block = qnx4_block_map(dir, blkofs);
+			if (block == -EIO)
+				goto out;
 			if (block)
 				bh = sb_bread(dir->i_sb, block);
 			if (!bh) {
@@ -88,6 +90,7 @@ static struct buffer_head *qnx4_find_entry(int len, struct inode *dir,
 		blkofs++;
 	}
 	brelse(bh);
+out:
 	*res_dir = NULL;
 	return NULL;
 }
-- 
2.25.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ