| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20231115143917.fdec61135bf3436fc15d2d2c@linux-foundation.org>
Date: Wed, 15 Nov 2023 14:39:17 -0800
From: Andrew Morton <akpm@...ux-foundation.org>
To: Edward Adam Davis <eadavis@...com>
Cc: syzbot+604424eb051c2f696163@...kaller.appspotmail.com,
linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
phillip@...ashfs.org.uk, squashfs-devel@...ts.sourceforge.net,
syzkaller-bugs@...glegroups.com
Subject: Re: [PATCH] squashfs: fix oob in squashfs_readahead
On Wed, 15 Nov 2023 12:05:35 +0800 Edward Adam Davis <eadavis@...com> wrote:
> Before performing a read ahead operation in squashfs_read_folio() and
> squashfs_readahead(), check if i_size is not 0 before continuing.
I'll merge this for testing, pending Phillip's review. One thing:
> --- a/fs/squashfs/block.c
> +++ b/fs/squashfs/block.c
> @@ -323,7 +323,7 @@ int squashfs_read_data(struct super_block *sb, u64 index, int length,
> }
> if (length < 0 || length > output->length ||
> (index + length) > msblk->bytes_used) {
> - res = -EIO;
> + res = length < 0 ? -EIO : -EFBIG;
> goto out;
> }
Seems a bit ugly to test `length' twice for the same thing. How about
if (length < 0) {
res = -EIO;
got out;
}
if (length > output->length || (index + length) > msblk->bytes_used) {
res = -EFBIG;
goto out;
}
?
Powered by blists - more mailing lists