| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 11 Jan 2022 11:32:12 -0800
From: "Darrick J. Wong" <djwong@...nel.org>
To: zhangyue <zhangyue1@...inos.cn>
Cc: linux-xfs@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] xfs: fix the problem that the array may be out of bound
On Fri, Nov 19, 2021 at 04:17:58PM +0800, zhangyue wrote:
> In function 'xfs_btree_delrec()', if all data in array
> 'cur->bc_ptrs[level]' is 0, the 'level' may be greater than
> or equal to 'XFS_BTREE_MAXLEVELS'.
>
> At this time, the array may be out of bound.
>
> Signed-off-by: zhangyue <zhangyue1@...inos.cn>
I /think/ this is no longer necessary since XFS_BTREE_MAXLEVELS went
away in 5.16, but if you disagree, please resend.
--D
> ---
> fs/xfs/libxfs/xfs_btree.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/fs/xfs/libxfs/xfs_btree.c b/fs/xfs/libxfs/xfs_btree.c
> index bbdae2b4559f..fe66d1adc169 100644
> --- a/fs/xfs/libxfs/xfs_btree.c
> +++ b/fs/xfs/libxfs/xfs_btree.c
> @@ -3694,6 +3694,9 @@ xfs_btree_delrec(
> tcur = NULL;
>
> /* Get the index of the entry being deleted, check for nothing there. */
> + if (level >= XFS_BTREE_MAXLEVELS)
> + return -EFSCORRUPTED;
> +
> ptr = cur->bc_ptrs[level];
> if (ptr == 0) {
> *stat = 0;
> --
> 2.30.0
>
Powered by blists - more mailing lists