| Message ID | 0e869ff2f4ace0acb4bcfcd9a6fcf95d95b1d85a.1605232441.git.dxu@dxuuu.xyz (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | btrfs: tree-checker: Error out if invalid btrfs_root_item size found | expand |
On 2020/11/13 上午9:55, Daniel Xu wrote: > There was a proper error check but it failed to error out. This can > cause stack scribbling against a crafted iamge. > > Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=210181 > Signed-off-by: Daniel Xu <dxu@dxuuu.xyz> Reviewed-by: Qu Wenruo <wqu@suse.com> Can't believe I just forgot that... Thanks, Qu > --- > fs/btrfs/tree-checker.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/fs/btrfs/tree-checker.c b/fs/btrfs/tree-checker.c > index 8784b74f5232..6cefabd27209 100644 > --- a/fs/btrfs/tree-checker.c > +++ b/fs/btrfs/tree-checker.c > @@ -1068,6 +1068,7 @@ static int check_root_item(struct extent_buffer *leaf, struct btrfs_key *key, > "invalid root item size, have %u expect %zu or %u", > btrfs_item_size_nr(leaf, slot), sizeof(ri), > btrfs_legacy_root_item_size()); > + return -EUCLEAN; > } > > /* >
On Thu, Nov 12, 2020 at 05:55:06PM -0800, Daniel Xu wrote: > There was a proper error check but it failed to error out. This can > cause stack scribbling against a crafted iamge. > > Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=210181 > Signed-off-by: Daniel Xu <dxu@dxuuu.xyz> Added to misc-next, thanks.
diff --git a/fs/btrfs/tree-checker.c b/fs/btrfs/tree-checker.c index 8784b74f5232..6cefabd27209 100644 --- a/fs/btrfs/tree-checker.c +++ b/fs/btrfs/tree-checker.c @@ -1068,6 +1068,7 @@ static int check_root_item(struct extent_buffer *leaf, struct btrfs_key *key, "invalid root item size, have %u expect %zu or %u", btrfs_item_size_nr(leaf, slot), sizeof(ri), btrfs_legacy_root_item_size()); + return -EUCLEAN; } /*
There was a proper error check but it failed to error out. This can cause stack scribbling against a crafted iamge. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=210181 Signed-off-by: Daniel Xu <dxu@dxuuu.xyz> --- fs/btrfs/tree-checker.c | 1 + 1 file changed, 1 insertion(+)