lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ZHxydoL06XHR1bOx@casper.infradead.org>
Date:   Sun, 4 Jun 2023 12:16:06 +0100
From:   Matthew Wilcox <willy@...radead.org>
To:     butt3rflyh4ck <butterflyhuangxx@...il.com>
Cc:     Jan Kara <jack@...e.cz>, akpm@...ux-foundation.org,
        yi.zhang@...wei.com, trix@...hat.com, song@...nel.org,
        bvanassche@....org, reiserfs-devel@...r.kernel.org,
        LKML <linux-kernel@...r.kernel.org>
Subject: Re: A null-ptr-deref bug in reiserfs_breada in fs/reiserfs/journal.c

On Sun, Jun 04, 2023 at 04:12:56PM +0800, butt3rflyh4ck wrote:
> Hi, there is a null-ptr-deref  bug in reiserfs_breada in
> fs/reiserfs/journal.c, I reproduce it in the latest kernel too.

does this fix the problem?

diff --git a/fs/reiserfs/journal.c b/fs/reiserfs/journal.c
index 4d11d60f493c..dd58e0dca5e5 100644
--- a/fs/reiserfs/journal.c
+++ b/fs/reiserfs/journal.c
@@ -2326,7 +2326,7 @@ static struct buffer_head *reiserfs_breada(struct block_device *dev,
 	int i, j;
 
 	bh = __getblk(dev, block, bufsize);
-	if (buffer_uptodate(bh))
+	if (!bh || buffer_uptodate(bh))
 		return (bh);
 
 	if (block + BUFNR > max_block) {
@@ -2336,6 +2336,8 @@ static struct buffer_head *reiserfs_breada(struct block_device *dev,
 	j = 1;
 	for (i = 1; i < blocks; i++) {
 		bh = __getblk(dev, block + i, bufsize);
+		if (!bh)
+			break;
 		if (buffer_uptodate(bh)) {
 			brelse(bh);
 			break;

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ