| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20250818141734.8559-1-yang.chenzhi@vivo.com> Date: Mon, 18 Aug 2025 22:17:33 +0800 From: Chenzhi Yang <yang.chenzhi@...o.com> To: slava@...eyko.com, glaubitz@...sik.fu-berlin.de, frank.li@...o.com Cc: linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org, Yang Chenzhi <yang.chenzhi@...o.com> Subject: [PATCH 0/1] hfs: discuss to add offset/length validation in hfs_brec_lenoff From: Yang Chenzhi <yang.chenzhi@...o.com> When running syzbot with a crafted HFS/HFS+ disk image containing invalid record offsets or lengths, the filesystem may hang. For example, in this case syzbot set the header’s second record offset to 0x7f00 while node_size is 4096. HFS/HFS+ failed to detect this fault, which eventually led to a crash. Since HFS/HFS+ makes heavy use of hfs_brec_lenoff, adding manual offset/length checks at every call site would be tedious and error-prone. Instead, it may be more robust to introduce validation directly inside hfs_brec_lenoff (or at a similar central point), ensuring that all callers can safely rely on the returned offset and length without additional checks. Yang Chenzhi (1): hfs: validate record offset in hfsplus_bmap_alloc fs/hfsplus/bnode.c | 41 ---------------------------------------- fs/hfsplus/btree.c | 6 ++++++ fs/hfsplus/hfsplus_fs.h | 42 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 48 insertions(+), 41 deletions(-) -- 2.43.0
Powered by blists - more mailing lists