Message-ID: <5dd9b332-49e3-877d-125b-1de5b46af4d5@gmail.com>
Date:   Sat, 2 Sep 2023 23:15:26 +0530
From:   Manas Ghandat <ghandatmanas@...il.com>
To:     Dave Kleikamp <dave.kleikamp@...cle.com>, shaggy@...nel.org,
        liushixin2@...wei.com
Cc:     linux-kernel@...r.kernel.org, jfs-discussion@...ts.sourceforge.net,
        Linux-kernel-mentees@...ts.linuxfoundation.org,
        syzbot+aea1ad91e854d0a83e04@...kaller.appspotmail.com
Subject: Re: [PATCH] jfs: fix array-index-out-of-bounds in dbFindLeaf

Actually I was talking about the stree attribute of dmtree which is 
present in both dmaptree and dmapctl.

Link : https://elixir.bootlin.com/linux/v6.5.1/source/fs/jfs/jfs_dmap.h#L168

Since it is an array, we can add a check for the size of the array, like the 
code below.


+            if (x + n > (sizeof(tp->dmt_stree)/sizeof(s8)))
+                 return -ENOSPC;
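
Review bot: sizeof(tp->dmt_stree) in the new condition is a compile-time constant, so if tp is the dmtree_t union described in the reply quoted below, the bound is always the size of whichever of the two stree arrays dmt_stree refers to, regardless of which structure the caller actually passed. When that is the larger array, an index past the end of the smaller stree still passes the check. Consider having the caller tell dbFindLeaf which structure (or which stree length) it is walking and comparing x + n against that, and use ARRAY_SIZE(...) rather than sizeof(...)/sizeof(s8) so the divisor cannot drift from the element type.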

On 01/09/23 22:38, Dave Kleikamp wrote:
> On 8/31/23 10:19AM, Manas Ghandat wrote:
>> I was wondering if we could implement a get_tree_size macro wherein 
>> we could find the tree size so that we can do the comparison. Since 
>> the tp->dmt_stree is an array we can get its size and fix the out of 
>> bounds. Would this thing work?
>
> dmtree_t is a union of two nearly identical structures that both 
> contain an stree. The only real difference in the structures is the 
> size of the stree, so dbFindLeaf doesn't really know which is being 
> used by the caller.
>
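
The point made in the quoted reply, as an added example that is not part of the original thread or the JFS source: a user-space model showing that `sizeof` on a union member cannot tell which layout the caller stored, next to a bounds check that takes the layout from the caller. The type names, `tree_kind`, `check_range` and the two sizes are hypothetical and constructed for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sizes for illustration; not the values from jfs_dmap.h. */
#define SMALL_TREESIZE 5
#define LARGE_TREESIZE 21

/* Hypothetical stand-ins for two structures that differ only in stree size. */
struct small_tree { int nleafs; signed char stree[SMALL_TREESIZE]; };
struct large_tree { int nleafs; signed char stree[LARGE_TREESIZE]; };
union tree { struct small_tree t1; struct large_tree t2; };

enum tree_kind { TREE_SMALL, TREE_LARGE };

/* sizeof on a union member is a compile-time constant: the result depends
 * only on which member is named, never on what the caller stored. */
size_t len_via_t1(const union tree *tp)
{
    return sizeof(tp->t1.stree) / sizeof(tp->t1.stree[0]);
}

size_t len_via_t2(const union tree *tp)
{
    return sizeof(tp->t2.stree) / sizeof(tp->t2.stree[0]);
}

/* Bounds check driven by what the caller says it passed.
 * Returns 0 if [x, x + n) lies inside that stree, -ENOSPC otherwise. */
int check_range(enum tree_kind kind, int x, int n)
{
    size_t len = (kind == TREE_LARGE) ? LARGE_TREESIZE : SMALL_TREESIZE;

    if (x < 0 || n < 0 || (size_t)x > len || (size_t)n > len - (size_t)x)
        return -ENOSPC;
    return 0;
}

int main(void)
{
    union tree u = { .t1 = { .nleafs = 4 } }; /* caller uses the small layout */

    printf("via t1: %zu, via t2: %zu\n", len_via_t1(&u), len_via_t2(&u));
    printf("x=3 n=4 small: %d, large: %d\n",
           check_range(TREE_SMALL, 3, 4), check_range(TREE_LARGE, 3, 4));
    return 0;
}
```

The same `x` and `n` are rejected for the small layout and accepted for the large one, which is the distinction a check written only in terms of `sizeof` on the union cannot make.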
