CVE-2019-13104: ext4: check for underflow in ext4fs_read_file

in ext4fs_read_file, it is possible for a broken/malicious file system to cause a memcpy of a negative number of bytes, which overflows all memory. This patch fixes the issue by checking for a negative length. Signed-off-by: N Paul Emge <paulemge@forallsecure.com>

CVE-2019-13104: ext4: check for underflow in ext4fs_read_file
in ext4fs_read_file, it is possible for a broken/malicious file system to cause a memcpy of a negative number of bytes, which overflows all memory. This patch fixes the issue by checking for a negative length. Signed-off-by: N Paul Emge <paulemge@forallsecure.com>
878269db · Paul Emge · Tom Rini · 6e5a79de · 878269db
隐藏空白更改
内联并排

Showing with 5 addition and 3 deletion

fs/ext4/ext4fs.c fs/ext4/ext4fs.c +5 -3

未找到文件。
--- a/fs/ext4/ext4fs.c
+++ b/fs/ext4/ext4fs.c
@@ -66,13 +66,15 @@ int ext4fs_read_file(struct ext2fs_node *node, loff_t pos,

 	ext_cache_init(&cache);

-	if (blocksize <= 0)
-		return -1;
-
 	/* Adjust len so it we can't read past the end of the file. */
 	if (len + pos > filesize)
 		len = (filesize - pos);

+	if (blocksize <= 0 || len <= 0) {
+		ext_cache_fini(&cache);
+		return -1;
+	}
+
 	blockcnt = lldiv(((len + pos) + blocksize - 1), blocksize);

 	for (i = lldiv(pos, blocksize); i < blockcnt; i++) {