lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240721201924.48781-2-dennis.lamerice@gmail.com>
Date: Sun, 21 Jul 2024 16:19:18 -0400
From: Dennis Lam <dennis.lamerice@...il.com>
To: iro@...iv.linux.org.uk,
	viro@...iv.linux.org.uk
Cc: Dennis Lam <dennis.lamerice@...il.com>,
	linux-kernel@...r.kernel.org,
	syzbot+f2a9c06bfaa027217ebb@...kaller.appspotmail.com
Subject: [PATCH] btrfs: Change iov_iter_alignment_iovec to check iovec count before accesses an iovec

When checking iov_iter_alignment_iovec for valid read and the iovec is empty,
the function still tries to iterate non-existant values. In this case, the iov
variable is empty and attempting to use iov->iov_len causes a kernel crash.

This patch fixes this by checking the size of the iovec before iterating.

Signed-off-by: Dennis Lam <dennis.lamerice@...il.com>
---
 lib/iov_iter.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/iov_iter.c b/lib/iov_iter.c
index 4a6a9f419bd7..2d82ecf1b622 100644
--- a/lib/iov_iter.c
+++ b/lib/iov_iter.c
@@ -783,7 +783,7 @@ static unsigned long iov_iter_alignment_iovec(const struct iov_iter *i)
 	size_t size = i->count;
 	size_t skip = i->iov_offset;
 
-	do {
+	while(size) {
 		size_t len = iov->iov_len - skip;
 		if (len) {
 			res |= (unsigned long)iov->iov_base + skip;
@@ -794,7 +794,7 @@ static unsigned long iov_iter_alignment_iovec(const struct iov_iter *i)
 		}
 		iov++;
 		skip = 0;
-	} while (size);
+	} 
 	return res;
 }
 
-- 
2.45.2


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ