projects / platform / kernel / u-boot.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6e5a79d)
CVE-2019-13104: ext4: check for underflow in ext4fs_read_file
authorPaul Emge <paulemge@forallsecure.com>
Mon, 8 Jul 2019 23:37:05 +0000 (16:37 -0700)
committerTom Rini <trini@konsulko.com>
Thu, 18 Jul 2019 15:31:29 +0000 (11:31 -0400)
in ext4fs_read_file, it is possible for a broken/malicious file
system to cause a memcpy of a negative number of bytes, which
overflows all memory. This patch fixes the issue by checking for
a negative length.

Signed-off-by: Paul Emge <paulemge@forallsecure.com>
fs/ext4/ext4fs.c patch | blob | history

diff --git a/fs/ext4/ext4fs.c b/fs/ext4/ext4fs.c
index 85dc122..e2b740c 100644 (file)
--- a/fs/ext4/ext4fs.c
+++ b/fs/ext4/ext4fs.c
@@ -66,13 +66,15 @@ int ext4fs_read_file(struct ext2fs_node *node, loff_t pos,
 
        ext_cache_init(&cache);
 
-       if (blocksize <= 0)
-               return -1;
-
        /* Adjust len so it we can't read past the end of the file. */
        if (len + pos > filesize)
                len = (filesize - pos);
 
+       if (blocksize <= 0 || len <= 0) {
+               ext_cache_fini(&cache);
+               return -1;
+       }
+
        blockcnt = lldiv(((len + pos) + blocksize - 1), blocksize);
 
        for (i = lldiv(pos, blocksize); i < blockcnt; i++) {
Domain: System / Kernel;