lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1c4d5baa-0ee9-46f9-b7d1-cb69387cc0d0@suse.com>
Date: Wed, 21 Aug 2024 14:16:17 +0800
From: "heming.zhao@...e.com" <heming.zhao@...e.com>
To: Matthew Wilcox <willy@...radead.org>, joseph.qi@...ux.alibaba.com,
 Edward Adam Davis <eadavis@...com>
Cc: syzbot+5a64828fcc4c2ad9b04f@...kaller.appspotmail.com,
 jlbec@...lplan.org, linux-kernel@...r.kernel.org, mark@...heh.com,
 ocfs2-devel@...ts.linux.dev, syzkaller-bugs@...glegroups.com
Subject: Re: [PATCH] ocfs2: Add i_size check for dir



On 8/20/24 22:59, Matthew Wilcox wrote:
> On Tue, Aug 20, 2024 at 08:08:38PM +0800, Edward Adam Davis wrote:
>> When the i_size of dir is too large, it will cause limit to overflow and
>> be less than de_buf, ultimately resulting in last_de not being initialized
>> and causing uaf issue.
>>   
>> +	if (i_size_read(dir) > OCFS2_MAX_BLOCKSIZE)
>> +		return -EINVAL;
> 
> Surely directories can be more than one block in size?
> 

The key point above is that the patch uses a hard code value, but in the real world,
the blocksize can be smaller than OCFS2_MAX_BLOCKSIZE.

-Heming

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ