| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20210107234116.6190-2-magnani@ieee.org>
Date: Thu, 7 Jan 2021 17:41:16 -0600
From: Steve Magnani <magnani@...e.org>
To: Jan Kara <jack@...e.com>
Cc: linux-kernel@...r.kernel.org,
"Steven J . Magnani" <magnani@...e.org>
Subject: [PATCH 1/1] udf: fix silent AED tagLocation corruption
From: Steven J. Magnani <magnani@...e.org>
When extending a file, make sure that the pointer to the last written
extent does not get adjusted into the header (tag) portion of an
Allocation Extent Descriptor. Otherwise, a subsequent call to
udf_update_exents() can clobber the AED's tagLocation field, replacing
it with the logical block number of a file extent.
Signed-off-by: Steven J. Magnani <magnani@...e.org>
---
--- a/fs/udf/inode.c 2020-12-28 20:51:29.000000000 -0600
+++ b/fs/udf/inode.c 2021-01-01 19:20:37.163767576 -0600
@@ -547,11 +547,14 @@ static int udf_do_extend_file(struct ino
udf_write_aext(inode, last_pos, &last_ext->extLocation,
last_ext->extLength, 1);
- /*
- * We've rewritten the last extent but there may be empty
- * indirect extent after it - enter it.
- */
- udf_next_aext(inode, last_pos, &tmploc, &tmplen, 0);
+
+ if (new_block_bytes || prealloc_len) {
+ /*
+ * We've rewritten the last extent but there may be empty
+ * indirect extent after it - enter it.
+ */
+ udf_next_aext(inode, last_pos, &tmploc, &tmplen, 0);
+ }
}
/* Managed to do everything necessary? */
Powered by blists - more mailing lists