Date:   Thu, 28 Jan 2021 10:19:14 +0800
From:   bingjingc <bingjingc@...ology.com>
To:     viro@...iv.linux.org.uk, jack@...e.com, jack@...e.cz,
        axboe@...nel.dk, linux-fsdevel@...r.kernel.org
Cc:     linux-kernel@...r.kernel.org, cccheng@...ology.com,
        bingjingc@...ology.com, robbieko@...ology.com
Subject: [PATCH 1/3] isofs: handle large user and group ID

From: BingJing Chang <bingjingc@...ology.com>

If uid or gid of mount options is larger than INT_MAX, isofs_fill_super
will return -EINVAL.

The problem can be encountered by a domain user or reproduced via:
mount -o loop,uid=2147483648 ubuntu-16.04.6-server-amd64.iso /mnt

This can be fixed as commit 233a01fa9c4c ("fuse: handle large user and
group ID").

Reviewed-by: Robbie Ko <robbieko@...ology.com>
Reviewed-by: Chung-Chiang Cheng <cccheng@...ology.com>
Signed-off-by: BingJing Chang <bingjingc@...ology.com>
---
 fs/isofs/inode.c | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

diff --git a/fs/isofs/inode.c b/fs/isofs/inode.c
index ec90773..342ac19 100644
--- a/fs/isofs/inode.c
+++ b/fs/isofs/inode.c
@@ -335,10 +335,23 @@ static const match_table_t tokens = {
 	{Opt_err, NULL}
 };
 
+static int isofs_match_uint(substring_t *s, unsigned int *res)
+{
+	int err = -ENOMEM;
+	char *buf = match_strdup(s);
+
+	if (buf) {
+		err = kstrtouint(buf, 10, res);
+		kfree(buf);
+	}
+	return err;
+}
+
 static int parse_options(char *options, struct iso9660_options *popt)
 {
 	char *p;
 	int option;
+	unsigned int uv;
 
 	popt->map = 'n';
 	popt->rock = 1;
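Review bot: In isofs_match_uint(), the base passed to kstrtouint() is hard-coded to 10, and the commit message does not say whether that covers every form the replaced match_int() call accepted for uid= and gid=. If match_int() also took hex or octal, mount options that worked before would now be rejected, so please state the intended input format in the changelog. The helper is also local to isofs although the commit message says it follows the fuse fix and this is patch 1/3; a shared helper placed beside match_int() would avoid carrying several copies. A short comment above the function saying why match_int() cannot be used here (values above INT_MAX) would help later readers.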
@@ -434,17 +447,17 @@ static int parse_options(char *options, struct iso9660_options *popt)
 		case Opt_ignore:
 			break;
 		case Opt_uid:
-			if (match_int(&args[0], &option))
+			if (isofs_match_uint(&args[0], &uv))
 				return 0;
-			popt->uid = make_kuid(current_user_ns(), option);
+			popt->uid = make_kuid(current_user_ns(), uv);
 			if (!uid_valid(popt->uid))
 				return 0;
 			popt->uid_set = 1;
 			break;
 		case Opt_gid:
-			if (match_int(&args[0], &option))
+			if (isofs_match_uint(&args[0], &uv))
 				return 0;
-			popt->gid = make_kgid(current_user_ns(), option);
+			popt->gid = make_kgid(current_user_ns(), uv);
 			if (!gid_valid(popt->gid))
 				return 0;
 			popt->gid_set = 1;
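Review bot: In the Opt_uid and Opt_gid cases, every error from isofs_match_uint() ends in "return 0;", so the -ENOMEM from a failed match_strdup() is reported the same way as a malformed or out-of-range value, which per the commit message surfaces as -EINVAL from isofs_fill_super. Consider propagating the error code, or say in the changelog that collapsing the two is intentional. Keeping the uid_valid() and gid_valid() checks is right: the full unsigned range now parses, and these checks are what reject an ID that has no mapping in current_user_ns().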
-- 
2.7.4
