Gh0st
/
linux
mirror of https://github.com/torvalds/linux.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

ext2: Verify bitmap and itable block numbers before using them 

Verify bitmap block numbers and inode table blocks are sane before using
them for checking bits in the block bitmap.

CC: stable@vger.kernel.org
Signed-off-by: Jan Kara <jack@suse.cz>
This commit is contained in:
Jan Kara 2024-06-24 17:12:56 +02:00
parent 56e69e5975
commit 322a6aff03
1 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
fs/ext2/balloc.c
View File

@ -77,26 +77,33 @@ static int ext2_valid_block_bitmap(struct super_block *sb,
ext2_grpblk_t next_zero_bit; ext2_grpblk_t next_zero_bit;
ext2_fsblk_t bitmap_blk; ext2_fsblk_t bitmap_blk;
ext2_fsblk_t group_first_block; ext2_fsblk_t group_first_block;
ext2_grpblk_t max_bit;
group_first_block = ext2_group_first_block_no(sb, block_group); group_first_block = ext2_group_first_block_no(sb, block_group);
max_bit = ext2_group_last_block_no(sb, block_group) - group_first_block;
/* check whether block bitmap block number is set */ /* check whether block bitmap block number is set */
bitmap_blk = le32_to_cpu(desc->bg_block_bitmap); bitmap_blk = le32_to_cpu(desc->bg_block_bitmap);
offset = bitmap_blk - group_first_block; offset = bitmap_blk - group_first_block;
if (!ext2_test_bit(offset, bh->b_data)) if (offset < 0 || offset > max_bit ||
!ext2_test_bit(offset, bh->b_data))
/* bad block bitmap */ /* bad block bitmap */
goto err_out; goto err_out;
/* check whether the inode bitmap block number is set */ /* check whether the inode bitmap block number is set */
bitmap_blk = le32_to_cpu(desc->bg_inode_bitmap); bitmap_blk = le32_to_cpu(desc->bg_inode_bitmap);
offset = bitmap_blk - group_first_block; offset = bitmap_blk - group_first_block;
if (!ext2_test_bit(offset, bh->b_data)) if (offset < 0 || offset > max_bit ||
!ext2_test_bit(offset, bh->b_data))
/* bad block bitmap */ /* bad block bitmap */
goto err_out; goto err_out;
/* check whether the inode table block number is set */ /* check whether the inode table block number is set */
bitmap_blk = le32_to_cpu(desc->bg_inode_table); bitmap_blk = le32_to_cpu(desc->bg_inode_table);
offset = bitmap_blk - group_first_block; offset = bitmap_blk - group_first_block;
if (offset < 0 || offset > max_bit ||
offset + EXT2_SB(sb)->s_itb_per_group - 1 > max_bit)
goto err_out;
next_zero_bit = ext2_find_next_zero_bit(bh->b_data, next_zero_bit = ext2_find_next_zero_bit(bh->b_data,
offset + EXT2_SB(sb)->s_itb_per_group, offset + EXT2_SB(sb)->s_itb_per_group,
offset); offset);