| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <3399a999-4503-d4f9-d7dd-82a2c18a1a40@paragon-software.com>
Date: Sat, 12 Nov 2022 21:06:53 +0300
From: Konstantin Komarov <almaz.alexandrovich@...agon-software.com>
To: Abdun Nihaal <abdun.nihaal@...il.com>
CC: <ntfs3@...ts.linux.dev>, <linux-kernel@...r.kernel.org>,
<skhan@...uxfoundation.org>,
<linux-kernel-mentees@...ts.linuxfoundation.org>,
<syzbot+b892240eac461e488d51@...kaller.appspotmail.com>
Subject: Re: [PATCH] fs/ntfs3: Fix slab-out-of-bounds read in ntfs_trim_fs
On 10/1/22 10:00, Abdun Nihaal wrote:
> Syzbot reports an out of bound access in ntfs_trim_fs.
> The cause of this is using a loop termination condition that compares
> window index (iw) with wnd->nbits instead of wnd->nwnd, due to which the
> index used for wnd->free_bits exceeds the size of the array allocated.
>
> Fix the loop condition.
>
> Fixes: 3f3b442b5ad2 ("fs/ntfs3: Add bitmap")
> Link: https://syzkaller.appspot.com/bug?extid=b892240eac461e488d51
> Reported-by: syzbot+b892240eac461e488d51@...kaller.appspotmail.com
> Signed-off-by: Abdun Nihaal <abdun.nihaal@...il.com>
> ---
> fs/ntfs3/bitmap.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/fs/ntfs3/bitmap.c b/fs/ntfs3/bitmap.c
> index 1675c9a69788..629c1ee97268 100644
> --- a/fs/ntfs3/bitmap.c
> +++ b/fs/ntfs3/bitmap.c
> @@ -1424,7 +1424,7 @@ int ntfs_trim_fs(struct ntfs_sb_info *sbi, struct fstrim_range *range)
>
> down_read_nested(&wnd->rw_lock, BITMAP_MUTEX_CLUSTERS);
>
> - for (; iw < wnd->nbits; iw++, wbit = 0) {
> + for (; iw < wnd->nwnd; iw++, wbit = 0) {
> CLST lcn_wnd = iw * wbits;
> struct buffer_head *bh;
>
Thanks for patch, applied!
Powered by blists - more mailing lists