lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <1611800372-9688-1-git-send-email-bingjingc@synology.com>
Date:   Thu, 28 Jan 2021 10:19:32 +0800
From:   bingjingc <bingjingc@...ology.com>
To:     viro@...iv.linux.org.uk, jack@...e.com, jack@...e.cz,
        axboe@...nel.dk, linux-fsdevel@...r.kernel.org
Cc:     linux-kernel@...r.kernel.org, cccheng@...ology.com,
        bingjingc@...ology.com, robbieko@...ology.com
Subject: [PATCH 2/3] udf: handle large user and group ID

From: BingJing Chang <bingjingc@...ology.com>

If uid or gid of mount options is larger than INT_MAX, udf_fill_super will
return -EINVAL.

The problem can be encountered by a domain user or reproduced via:
mount -o loop,uid=2147483648 something-in-udf-format.iso /mnt

This can be fixed as commit 233a01fa9c4c ("fuse: handle large user and
group ID").

Reviewed-by: Robbie Ko <robbieko@...ology.com>
Reviewed-by: Chung-Chiang Cheng <cccheng@...ology.com>
Signed-off-by: BingJing Chang <bingjingc@...ology.com>
---
 fs/udf/super.c | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

diff --git a/fs/udf/super.c b/fs/udf/super.c
index d0df217..efeac8c 100644
--- a/fs/udf/super.c
+++ b/fs/udf/super.c
@@ -454,11 +454,24 @@ static const match_table_t tokens = {
 	{Opt_err,	NULL}
 };
 
+static int udf_match_uint(substring_t *s, unsigned int *res)
+{
+	int err = -ENOMEM;
+	char *buf = match_strdup(s);
+
+	if (buf) {
+		err = kstrtouint(buf, 10, res);
+		kfree(buf);
+	}
+	return err;
+}
+
 static int udf_parse_options(char *options, struct udf_options *uopt,
 			     bool remount)
 {
 	char *p;
 	int option;
+	unsigned int uv;
 
 	uopt->novrs = 0;
 	uopt->session = 0xFFFFFFFF;
@@ -508,17 +521,17 @@ static int udf_parse_options(char *options, struct udf_options *uopt,
 			uopt->flags &= ~(1 << UDF_FLAG_USE_SHORT_AD);
 			break;
 		case Opt_gid:
-			if (match_int(args, &option))
+			if (udf_match_uint(args, &uv))
 				return 0;
-			uopt->gid = make_kgid(current_user_ns(), option);
+			uopt->gid = make_kgid(current_user_ns(), uv);
 			if (!gid_valid(uopt->gid))
 				return 0;
 			uopt->flags |= (1 << UDF_FLAG_GID_SET);
 			break;
 		case Opt_uid:
-			if (match_int(args, &option))
+			if (udf_match_uint(args, &uv))
 				return 0;
-			uopt->uid = make_kuid(current_user_ns(), option);
+			uopt->uid = make_kuid(current_user_ns(), uv);
 			if (!uid_valid(uopt->uid))
 				return 0;
 			uopt->flags |= (1 << UDF_FLAG_UID_SET);
-- 
2.7.4

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ