lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Sun, 4 Jun 2023 19:52:50 +0800
From:   butt3rflyh4ck <butterflyhuangxx@...il.com>
To:     Matthew Wilcox <willy@...radead.org>
Cc:     Jan Kara <jack@...e.cz>, akpm@...ux-foundation.org,
        yi.zhang@...wei.com, trix@...hat.com, song@...nel.org,
        bvanassche@....org, reiserfs-devel@...r.kernel.org,
        LKML <linux-kernel@...r.kernel.org>
Subject: Re: A null-ptr-deref bug in reiserfs_breada in fs/reiserfs/journal.c

Yes, it works! I have tested the patch.

Regards,
 butt3rflyh4ck.


On Sun, Jun 4, 2023 at 7:16 PM Matthew Wilcox <willy@...radead.org> wrote:
>
> On Sun, Jun 04, 2023 at 04:12:56PM +0800, butt3rflyh4ck wrote:
> > Hi, there is a null-ptr-deref  bug in reiserfs_breada in
> > fs/reiserfs/journal.c, I reproduce it in the latest kernel too.
>
> does this fix the problem?
>
> diff --git a/fs/reiserfs/journal.c b/fs/reiserfs/journal.c
> index 4d11d60f493c..dd58e0dca5e5 100644
> --- a/fs/reiserfs/journal.c
> +++ b/fs/reiserfs/journal.c
> @@ -2326,7 +2326,7 @@ static struct buffer_head *reiserfs_breada(struct block_device *dev,
>         int i, j;
>
>         bh = __getblk(dev, block, bufsize);
> -       if (buffer_uptodate(bh))
> +       if (!bh || buffer_uptodate(bh))
>                 return (bh);
>
>         if (block + BUFNR > max_block) {
> @@ -2336,6 +2336,8 @@ static struct buffer_head *reiserfs_breada(struct block_device *dev,
>         j = 1;
>         for (i = 1; i < blocks; i++) {
>                 bh = __getblk(dev, block + i, bufsize);
> +               if (!bh)
> +                       break;
>                 if (buffer_uptodate(bh)) {
>                         brelse(bh);
>                         break;



-- 
Active Defense Lab of Venustech

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ