| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20240918093634.12906-1-zhaomzhao@126.com> Date: Wed, 18 Sep 2024 17:36:31 +0800 From: Zhao Mengmeng <zhaomzhao@....com> To: jack@...e.com, zhaomengmeng@...inos.cn Cc: linux-kernel@...r.kernel.org Subject: [PATCH 0/3] udf: refactor udf_current_aext()/udf_next_aext() to handle error From: Zhao Mengmeng <zhaomengmeng@...inos.cn> syzbot reports a udf slab-out-of-bounds at [1] and I proposed a fix patch, after talking with Jan, a better way to fix this is to refactor udf_current_aext() and udf_next_aext() to differentiate between error and "hit EOF". This series refactor udf_current_aext(), udf_next_aext() and inode_bmap(), they take pointer to etype to store the extent type and just return 0 on success, <0 on error. It has passed the syz repro test. [1]. https://lore.kernel.org/all/0000000000005093590621340ecf@google.com/ Zhao Mengmeng (3): udf: refactor udf_current_aext() to handle error udf: refactor udf_next_aext() to handle error udf: refactor inode_bmap() to handle error fs/udf/balloc.c | 6 +-- fs/udf/directory.c | 20 +++++--- fs/udf/inode.c | 112 ++++++++++++++++++++++++++------------------- fs/udf/partition.c | 6 ++- fs/udf/super.c | 3 +- fs/udf/truncate.c | 16 +++---- fs/udf/udfdecl.h | 15 +++--- 7 files changed, 104 insertions(+), 74 deletions(-) -- 2.43.0
Powered by blists - more mailing lists