Message-Id: <20250826033557.127367-2-yang.chenzhi@vivo.com>
Date: Tue, 26 Aug 2025 11:35:54 +0800
From: Chenzhi Yang <yang.chenzhi@...o.com>
To: slava@...eyko.com,
	glaubitz@...sik.fu-berlin.de,
	frank.li@...o.com
Cc: linux-fsdevel@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	Yang Chenzhi <yang.chenzhi@...o.com>
Subject: [RFC PATCH 1/4] hfs: add hfs_off_and_len_is_valid helper

From: Yang Chenzhi <yang.chenzhi@...o.com>

Introduce a helper function hfs_off_and_len_is_valid, which combines
is_bnode_offset_valid and check_and_correct_request_len.

The motivation is that check_and_correct_request_len correcting the
length may force the caller to continue the execution, but the
corrected length might not match the buffer size; this may trigger an
out-of-bounds memory access. In addition, if the bnode is corrupted,
continuing to read data may trigger unknown bugs.

It is still unclear whether there are special cases where the
length must be corrected, so instead of replacing the existing
logic, this helper function is added.

Signed-off-by: Yang Chenzhi <yang.chenzhi@...o.com>
---
 fs/hfs/btree.h | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/fs/hfs/btree.h b/fs/hfs/btree.h
index 0e6baee93245..fb69f66409f4 100644
--- a/fs/hfs/btree.h
+++ b/fs/hfs/btree.h
@@ -170,3 +170,21 @@ struct hfs_btree_header_rec {
 						   max key length. use din catalog
 						   b-tree but not in extents
 						   b-tree (hfsplus). */
+static inline
+bool hfs_off_and_len_is_valid(struct hfs_bnode *node, u16 off, u16 len)
+{
+	bool ret = true;
+	if (off > node->tree->node_size ||
+			off + len > node->tree->node_size)
+		ret = false;
+
+	if (!ret) {
+		pr_err("requested invalid offset: "
+		       "NODE: id %u, type %#x, height %u, "
+		       "node_size %u, offset %u, length %u\n",
+		       node->this, node->type, node->height,
+		       node->tree->node_size, off, len);
+	}
+
+	return ret;
+}
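Review bot: the bounds test in hfs_off_and_len_is_valid accepts off == node->tree->node_size whenever len is 0, and its first comparison adds nothing: off and len are u16, so off + len is evaluated as int without wrapping, and any off > node_size already fails `off + len > node->tree->node_size`. If an offset one past the last byte is never meaningful to callers, reject it with `off >= node->tree->node_size`; if zero-length requests at the end of the node are intended, drop the redundant comparison and say so in a comment. Separately, this path is reached from on-disk data, so a corrupted image can print the message on every access; pr_err_ratelimited would bound the log volume. The text "requested invalid offset" also fires when only the length is out of range, so "invalid offset or length" would be more accurate, and the format string is better kept on one line so it stays greppable. A short comment above the helper stating its contract (returns false and logs, never corrects len) would make the difference from check_and_correct_request_len explicit to callers.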
-- 
2.43.0

