|
|
a9c310 |
From 21e41eeef968941c1ee0126852fdb705967730ea Mon Sep 17 00:00:00 2001
|
|
|
a9c310 |
From: Theodore Ts'o <tytso@mit.edu>
|
|
|
a9c310 |
Date: Fri, 8 Nov 2019 11:58:10 -0500
|
|
|
a9c310 |
Subject: [PATCH 05/10] libext2fs: verify the block numbers for the allocation
|
|
|
a9c310 |
bitmaps are valid
|
|
|
a9c310 |
|
|
|
a9c310 |
This avoids a potential UBsan failure when we multiply an insanely
|
|
|
a9c310 |
high block number with the block size and we get a multiplication
|
|
|
a9c310 |
overflow.
|
|
|
a9c310 |
|
|
|
a9c310 |
Google-Bug-Id: 128130353
|
|
|
a9c310 |
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
|
|
|
a9c310 |
---
|
|
|
a9c310 |
lib/ext2fs/rw_bitmaps.c | 14 ++++++++------
|
|
|
a9c310 |
1 file changed, 8 insertions(+), 6 deletions(-)
|
|
|
a9c310 |
|
|
|
a9c310 |
diff --git a/lib/ext2fs/rw_bitmaps.c b/lib/ext2fs/rw_bitmaps.c
|
|
|
a9c310 |
index e092cab0..d80c9eb8 100644
|
|
|
a9c310 |
--- a/lib/ext2fs/rw_bitmaps.c
|
|
|
a9c310 |
+++ b/lib/ext2fs/rw_bitmaps.c
|
|
|
a9c310 |
@@ -306,9 +306,10 @@ static errcode_t read_bitmaps(ext2_filsys fs, int do_inode, int do_block)
|
|
|
a9c310 |
for (i = 0; i < fs->group_desc_count; i++) {
|
|
|
a9c310 |
if (block_bitmap) {
|
|
|
a9c310 |
blk = ext2fs_block_bitmap_loc(fs, i);
|
|
|
a9c310 |
- if (csum_flag &&
|
|
|
a9c310 |
- ext2fs_bg_flags_test(fs, i, EXT2_BG_BLOCK_UNINIT) &&
|
|
|
a9c310 |
- ext2fs_group_desc_csum_verify(fs, i))
|
|
|
a9c310 |
+ if ((csum_flag &&
|
|
|
a9c310 |
+ ext2fs_bg_flags_test(fs, i, EXT2_BG_BLOCK_UNINIT) &&
|
|
|
a9c310 |
+ ext2fs_group_desc_csum_verify(fs, i)) ||
|
|
|
a9c310 |
+ (blk >= ext2fs_blocks_count(fs->super)))
|
|
|
a9c310 |
blk = 0;
|
|
|
a9c310 |
if (blk) {
|
|
|
a9c310 |
retval = io_channel_read_blk64(fs->io, blk,
|
|
|
a9c310 |
@@ -340,9 +341,10 @@ static errcode_t read_bitmaps(ext2_filsys fs, int do_inode, int do_block)
|
|
|
a9c310 |
}
|
|
|
a9c310 |
if (inode_bitmap) {
|
|
|
a9c310 |
blk = ext2fs_inode_bitmap_loc(fs, i);
|
|
|
a9c310 |
- if (csum_flag &&
|
|
|
a9c310 |
- ext2fs_bg_flags_test(fs, i, EXT2_BG_INODE_UNINIT) &&
|
|
|
a9c310 |
- ext2fs_group_desc_csum_verify(fs, i))
|
|
|
a9c310 |
+ if ((csum_flag &&
|
|
|
a9c310 |
+ ext2fs_bg_flags_test(fs, i, EXT2_BG_INODE_UNINIT) &&
|
|
|
a9c310 |
+ ext2fs_group_desc_csum_verify(fs, i)) ||
|
|
|
a9c310 |
+ (blk >= ext2fs_blocks_count(fs->super)))
|
|
|
a9c310 |
blk = 0;
|
|
|
a9c310 |
if (blk) {
|
|
|
a9c310 |
retval = io_channel_read_blk64(fs->io, blk,
|
|
|
a9c310 |
--
|
|
|
a9c310 |
2.21.1
|
|
|
a9c310 |
|