lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 23 Jun 2022 03:51:31 +0000
From:   cgel.zte@...il.com
To:     anton@...era.com, linux-ntfs-dev@...ts.sourceforge.net,
        stable@...r.kernel.org
Cc:     linux-kernel@...r.kernel.org, xu.xin16@....com.cn,
        linux-fsdevel@...r.kernel.org, Zeal Robot <zealci@....com.cn>,
        syzbot+6a5a7672f663cce8b156@...kaller.appspotmail.com,
        Songyi Zhang <zhang.songyi@....com.cn>,
        Yang Yang <yang.yang29@....com.cn>,
        Jiang Xuexin <jiang.xuexin@....com.cn>,
        Zhang wenya <zhang.wenya1@....com.cn>
Subject: [PATCH] fs/ntfs: fix BUG_ON of ntfs_read_block()

From: xu xin <xu.xin16@....com.cn>

As the bug description, attckers can use this bug to crash the system
When CONFIG_NTFS_FS is set.

So remove the BUG_ON, and use WARN and return instead until someone
really solve the bug.

Reported-by: Zeal Robot <zealci@....com.cn>
Reported-by: syzbot+6a5a7672f663cce8b156@...kaller.appspotmail.com
Reviewed-by: Songyi Zhang <zhang.songyi@....com.cn>
Reviewed-by: Yang Yang <yang.yang29@....com.cn>
Reviewed-by: Jiang Xuexin<jiang.xuexin@....com.cn>
Reviewed-by: Zhang wenya<zhang.wenya1@....com.cn>
Signed-off-by: xu xin <xu.xin16@....com.cn>
---
 fs/ntfs/aops.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/fs/ntfs/aops.c b/fs/ntfs/aops.c
index 5f4fb6ca6f2e..b6fd7e711420 100644
--- a/fs/ntfs/aops.c
+++ b/fs/ntfs/aops.c
@@ -183,7 +183,11 @@ static int ntfs_read_block(struct page *page)
 	vol = ni->vol;
 
 	/* $MFT/$DATA must have its complete runlist in memory at all times. */
-	BUG_ON(!ni->runlist.rl && !ni->mft_no && !NInoAttr(ni));
+	if (unlikely(!ni->runlist.rl && !ni->mft_no && !NInoAttr(ni))) {
+		WARN(1, "NTFS: ni->runlist.rl, ni->mft_no, and NInoAttr(ni) is null!\n");
+		unlock_page(page);
+		return -EINVAL;
+	}
 
 	blocksize = vol->sb->s_blocksize;
 	blocksize_bits = vol->sb->s_blocksize_bits;
-- 
2.25.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ