mirror of https://github.com/vitalif/e2fsprogs
libext2fs: strengthen i_extra_isize checks when reading/writing xattrs
Strengthen the i_extra_isize checks to look for obviously too-small values before trying to operate on inode EAs. Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu>crypto
parent
f99143146a
commit
2c741a8afc
|
@ -536,8 +536,9 @@ errcode_t ext2fs_xattrs_write(struct ext2_xattr_handle *handle)
|
|||
x = handle->attrs;
|
||||
qsort(x, handle->length, sizeof(struct ext2_xattr), attr_compare);
|
||||
|
||||
/* Does the inode have size for EA? */
|
||||
if (EXT2_INODE_SIZE(handle->fs->super) <= EXT2_GOOD_OLD_INODE_SIZE +
|
||||
/* Does the inode have space for EA? */
|
||||
if (inode->i_extra_isize < sizeof(inode->i_extra_isize) ||
|
||||
EXT2_INODE_SIZE(handle->fs->super) <= EXT2_GOOD_OLD_INODE_SIZE +
|
||||
inode->i_extra_isize +
|
||||
sizeof(__u32))
|
||||
goto write_ea_block;
|
||||
|
@ -773,8 +774,9 @@ errcode_t ext2fs_xattrs_read(struct ext2_xattr_handle *handle)
|
|||
|
||||
xattrs_free_keys(handle);
|
||||
|
||||
/* Does the inode have size for EA? */
|
||||
if (EXT2_INODE_SIZE(handle->fs->super) <= EXT2_GOOD_OLD_INODE_SIZE +
|
||||
/* Does the inode have space for EA? */
|
||||
if (inode->i_extra_isize < sizeof(inode->i_extra_isize) ||
|
||||
EXT2_INODE_SIZE(handle->fs->super) <= EXT2_GOOD_OLD_INODE_SIZE +
|
||||
inode->i_extra_isize +
|
||||
sizeof(__u32))
|
||||
goto read_ea_block;
|
||||
|
|
|
@ -0,0 +1,12 @@
|
|||
Pass 1: Checking inodes, blocks, and sizes
|
||||
Pass 2: Checking directory structure
|
||||
Directory inode 12, block #0, offset 4: directory corrupted
|
||||
Salvage? yes
|
||||
|
||||
Pass 3: Checking directory connectivity
|
||||
Pass 4: Checking reference counts
|
||||
Pass 5: Checking group summary information
|
||||
|
||||
test_filesys: ***** FILE SYSTEM WAS MODIFIED *****
|
||||
test_filesys: 12/128 files (0.0% non-contiguous), 17/512 blocks
|
||||
Exit status is 1
|
|
@ -0,0 +1,7 @@
|
|||
Pass 1: Checking inodes, blocks, and sizes
|
||||
Pass 2: Checking directory structure
|
||||
Pass 3: Checking directory connectivity
|
||||
Pass 4: Checking reference counts
|
||||
Pass 5: Checking group summary information
|
||||
test_filesys: 12/128 files (0.0% non-contiguous), 17/512 blocks
|
||||
Exit status is 0
|
Binary file not shown.
|
@ -0,0 +1 @@
|
|||
write EA when i_extra_size is too big for EA
|
|
@ -0,0 +1,15 @@
|
|||
Pass 1: Checking inodes, blocks, and sizes
|
||||
Inode 12 has a extra size (1) which is invalid
|
||||
Fix? yes
|
||||
|
||||
Pass 2: Checking directory structure
|
||||
Directory inode 12, block #0, offset 4: directory corrupted
|
||||
Salvage? yes
|
||||
|
||||
Pass 3: Checking directory connectivity
|
||||
Pass 4: Checking reference counts
|
||||
Pass 5: Checking group summary information
|
||||
|
||||
test_filesys: ***** FILE SYSTEM WAS MODIFIED *****
|
||||
test_filesys: 12/128 files (0.0% non-contiguous), 17/512 blocks
|
||||
Exit status is 1
|
|
@ -0,0 +1,7 @@
|
|||
Pass 1: Checking inodes, blocks, and sizes
|
||||
Pass 2: Checking directory structure
|
||||
Pass 3: Checking directory connectivity
|
||||
Pass 4: Checking reference counts
|
||||
Pass 5: Checking group summary information
|
||||
test_filesys: 12/128 files (0.0% non-contiguous), 17/512 blocks
|
||||
Exit status is 0
|
Binary file not shown.
|
@ -0,0 +1 @@
|
|||
write EA when i_extra_size is too small to make sense
|
Loading…
Reference in New Issue