[e2fsprogs] Bug in salvage_directory

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Ted,

Recently, one of our customers found this message in pass2 of e2fsck while doing some regression testing:
"Entry '4, 0x695a, 0x81ff, 0x0040, 0x8320, 0xa192, 0x0021' in ??? (136554) has
rec_len of 14200, should be 26908."

Both the displayed rec_len and the "should be" value are bogus. The reason is that salvage_directory sets a offset beyond blocksize leading to bogus messages.

Signed-off-by: Kalpak Shah <kalpak@xxxxxxxxxxxxx>

Index: e2fsprogs-1.39/e2fsck/pass2.c
===================================================================
--- e2fsprogs-1.39.orig/e2fsck/pass2.c
+++ e2fsprogs-1.39/e2fsck/pass2.c
@@ -690,7 +690,10 @@ static void salvage_directory(ext2_filsy
 	 */
 	if (prev && dirent->rec_len && (dirent->rec_len % 4) == 0) {
 		prev->rec_len += dirent->rec_len;
-		*offset += dirent->rec_len;
+		if (*offset + dirent->rec_len <= fs->blocksize)
+			*offset += dirent->rec_len;
+		else
+			*offset = fs->blocksize;
 		return;
 	}
 	/*


Thanks,
Kalpak.

-
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Reiser Filesystem Development]     [Ceph FS]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux FS]     [Yosemite National Park]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Device Mapper]     [Linux Media]

  Powered by Linux