lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20210114145740.GA27380@quack2.suse.cz>
Date:   Thu, 14 Jan 2021 15:57:40 +0100
From:   Jan Kara <jack@...e.cz>
To:     Steve Magnani <magnani@...e.org>
Cc:     Jan Kara <jack@...e.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/1] udf: fix silent AED tagLocation corruption

On Thu 07-01-21 17:41:16, Steve Magnani wrote:
> From: Steven J. Magnani <magnani@...e.org>
> 
> When extending a file, make sure that the pointer to the last written
> extent does not get adjusted into the header (tag) portion of an
> Allocation Extent Descriptor. Otherwise, a subsequent call to
> udf_update_exents() can clobber the AED's tagLocation field, replacing
> it with the logical block number of a file extent.
> 
> Signed-off-by: Steven J. Magnani <magnani@...e.org>

Thanks! It took me some time to understand what's the actual problem but
eventually I've understood - I've updated the changelog and a comment to
explain a bit more and merged the patch into my tree.

								Honza

> ---
> --- a/fs/udf/inode.c	2020-12-28 20:51:29.000000000 -0600
> +++ b/fs/udf/inode.c	2021-01-01 19:20:37.163767576 -0600
> @@ -547,11 +547,14 @@ static int udf_do_extend_file(struct ino
>  
>  		udf_write_aext(inode, last_pos, &last_ext->extLocation,
>  				last_ext->extLength, 1);
> -		/*
> -		 * We've rewritten the last extent but there may be empty
> -		 * indirect extent after it - enter it.
> -		 */
> -		udf_next_aext(inode, last_pos, &tmploc, &tmplen, 0);
> +
> +		if (new_block_bytes || prealloc_len) {
> +			/*
> +			 * We've rewritten the last extent but there may be empty
> +			 * indirect extent after it - enter it.
> +			 */
> +			udf_next_aext(inode, last_pos, &tmploc, &tmplen, 0);
> +		}
>  	}
>  
>  	/* Managed to do everything necessary? */
> 
-- 
Jan Kara <jack@...e.com>
SUSE Labs, CR

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ