| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 30 Mar 2022 18:42:15 +0800 From: Liu Shixin <liushixin2@...wei.com> To: Christoph Hellwig <hch@...radead.org> CC: <linux-kernel@...r.kernel.org>, Liu Shixin <liushixin2@...wei.com> Subject: [PATCH -next] fs: sysv: check sbi->s_firstdatazone in complete_read_super sbi->s_firstinodezone is initialized to 2 and sbi->s_firstdatazone is read from sbd. There's no guarantee that sbi->s_firstdatazone must bigger than sbi->s_firstinodezone. If sbi->s_firstdatazone less than 2, the filesystem can still be mounted unexpetly. At this point, sbi->s_ninodes flip to very large value and this filesystem is broken. We can observe this by executing 'df' command. When we execute, we will get an error message: "sysv_count_free_inodes: unable to read inode table" Signed-off-by: Liu Shixin <liushixin2@...wei.com> --- fs/sysv/super.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/fs/sysv/super.c b/fs/sysv/super.c index d1def0771a40..3365a30dc1e0 100644 --- a/fs/sysv/super.c +++ b/fs/sysv/super.c @@ -312,7 +312,9 @@ static int complete_read_super(struct super_block *sb, int silent, int size) sbi->s_firstinodezone = 2; flavour_setup[sbi->s_type](sbi, &sb->s_max_links); - + if (sbi->s_firstdatazone < sbi->s_firstinodezone) + return 0; + sbi->s_ndatazones = sbi->s_nzones - sbi->s_firstdatazone; sbi->s_inodes_per_block = bsize >> 6; sbi->s_inodes_per_block_1 = (bsize >> 6)-1; -- 2.25.1
Powered by blists - more mailing lists