| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <66f1d868.050a0220.c23dd.0017.GAE@google.com>
Date: Mon, 23 Sep 2024 14:06:48 -0700
From: syzbot <syzbot+18a5c5e8a9c856944876@...kaller.appspotmail.com>
To: linux-kernel@...r.kernel.org
Subject: Re: [syzbot] general protection fault in __copy_super
For archival purposes, forwarding an incoming command email to
linux-kernel@...r.kernel.org.
***
Subject: general protection fault in __copy_super
Author: djahchankoike@...il.com
#syz test
__bch2_read_super may return no error code when a corrupt backup
superblock has matching offsets with default opts, the superblock
is freed and is later dereferenced causing a fault. Assign EINVALID
when checking sb offsets.
Signed-off-by: Diogo Jahchan Koike <djahchankoike@...il.com>
---
fs/bcachefs/super-io.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/fs/bcachefs/super-io.c b/fs/bcachefs/super-io.c
index c8c2ccbdfbb5..fbca0bd302db 100644
--- a/fs/bcachefs/super-io.c
+++ b/fs/bcachefs/super-io.c
@@ -796,8 +796,10 @@ static int __bch2_read_super(const char *path, struct bch_opts *opts,
i < layout.sb_offset + layout.nr_superblocks; i++) {
offset = le64_to_cpu(*i);
- if (offset == opt_get(*opts, sb))
+ if (offset == opt_get(*opts, sb)) {
+ ret = -BCH_ERR_invalid;
continue;
+ }
ret = read_one_super(sb, offset, &err);
if (!ret)
--
2.43.0
Powered by blists - more mailing lists