ext4: add more inode number paranoia checks
authorTheodore Ts'o <tytso@mit.edu>
Sun, 17 Jun 2018 04:41:14 +0000 (00:41 -0400)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 11 Jul 2018 14:29:18 +0000 (16:29 +0200)
commitc24aab6d86640ccf321b87be6096319f55b16274
tree3f045fd52fe057fd353de683064d925edb0fb27e
parent02945e49dc2026459e069467ec64e3fbecda844f
ext4: add more inode number paranoia checks

commit c37e9e013469521d9adb932d17a1795c139b36db upstream.

If there is a directory entry pointing to a system inode (such as a
journal inode), complain and declare the file system to be corrupted.

Also, if the superblock's first inode number field is too small,
refuse to mount the file system.

This addresses CVE-2018-10882.

https://bugzilla.kernel.org/show_bug.cgi?id=200069

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
fs/ext4/ext4.h
fs/ext4/inode.c
fs/ext4/super.c