| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 4 Feb 2024 19:51:22 +0800
From: Edward Adam Davis <eadavis@...com>
To: syzbot+57028366b9825d8e8ad0@...kaller.appspotmail.com
Cc: linux-fsdevel@...r.kernel.org,
linux-kernel@...r.kernel.org,
syzkaller-bugs@...glegroups.com
Subject: [PATCH next] hfsplus: fix oob in hfsplus_bnode_read_key
In hfs_brec_insert(), if data has not been moved to "data_off + size", the size
should not be added when reading search_key from node->page.
Reported-and-tested-by: syzbot+57028366b9825d8e8ad0@...kaller.appspotmail.com
Signed-off-by: Edward Adam Davis <eadavis@...com>
---
fs/hfsplus/brec.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fs/hfsplus/brec.c b/fs/hfsplus/brec.c
index 1918544a7871..9e0e0c1f15a5 100644
--- a/fs/hfsplus/brec.c
+++ b/fs/hfsplus/brec.c
@@ -138,7 +138,8 @@ int hfs_brec_insert(struct hfs_find_data *fd, void *entry, int entry_len)
* at the start of the node and it is not the new node
*/
if (!rec && new_node != node) {
- hfs_bnode_read_key(node, fd->search_key, data_off + size);
+ hfs_bnode_read_key(node, fd->search_key, data_off +
+ (idx_rec_off == data_rec_off ? 0 : size));
hfs_brec_update_parent(fd);
}
--
2.43.0
Powered by blists - more mailing lists