Re: [PATCH 1/2] mke2fs: fix project quota creation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, May 22, 2016 at 10:19 AM, Theodore Ts'o <tytso@xxxxxxx> wrote:
> Creating a file system with project quotas can fail if mke2fs is built
> using hardening options.  This is because quota_compute_usage() used
> ext2fs_get_next_inode() instead of ext2fs_get_inode_full(), and a
> small inode was passed into quota_data_add, when a large inode needs
> to be used.  As a result get_dq() would end up dereferencing undefined
> space in the stack.  Without the hardening options, this would be
> zero, so "mke2fs -t ext4 -O project.quota -I 256 test.img" would work
> essentially by accident.
>
> Fix this by using ext2fs_get_inode_full() so that a large inode is
> available to quota_data_inodes().
>
> Signed-off-by: Theodore Ts'o <tytso@xxxxxxx>

I thought Li Xi sent updated e2fsprogs including this fixing parts.
maybe because you merged early version patches.

Reviewed-by: Wang Shilong <wshilong@xxxxxxx>

> ---
>  lib/support/mkquota.c | 21 +++++++++++++--------
>  1 file changed, 13 insertions(+), 8 deletions(-)
>
> diff --git a/lib/support/mkquota.c b/lib/support/mkquota.c
> index c5dd140..a432d4e 100644
> --- a/lib/support/mkquota.c
> +++ b/lib/support/mkquota.c
> @@ -448,7 +448,8 @@ errcode_t quota_compute_usage(quota_ctx_t qctx)
>         ext2_filsys fs;
>         ext2_ino_t ino;
>         errcode_t ret;
> -       struct ext2_inode inode;
> +       struct ext2_inode *inode;
> +       int inode_size;
>         qsize_t space;
>         ext2_inode_scan scan;
>
> @@ -461,27 +462,31 @@ errcode_t quota_compute_usage(quota_ctx_t qctx)
>                 log_err("while opening inode scan. ret=%ld", ret);
>                 return ret;
>         }
> -
> +       inode_size = fs->super->s_inode_size;
> +       inode = malloc(inode_size);
> +       if (!inode)
> +               return ENOMEM;
>         while (1) {
> -               ret = ext2fs_get_next_inode(scan, &ino, &inode);
> +               ret = ext2fs_get_next_inode_full(scan, &ino, inode, inode_size);
>                 if (ret) {
>                         log_err("while getting next inode. ret=%ld", ret);
>                         ext2fs_close_inode_scan(scan);
> +                       free(inode);
>                         return ret;
>                 }
>                 if (ino == 0)
>                         break;
> -               if (inode.i_links_count &&
> +               if (inode->i_links_count &&
>                     (ino == EXT2_ROOT_INO ||
>                      ino >= EXT2_FIRST_INODE(fs->super))) {
> -                       space = ext2fs_inode_i_blocks(fs, &inode) << 9;
> -                       quota_data_add(qctx, &inode, ino, space);
> -                       quota_data_inodes(qctx, &inode, ino, +1);
> +                       space = ext2fs_inode_i_blocks(fs, inode) << 9;
> +                       quota_data_add(qctx, inode, ino, space);
> +                       quota_data_inodes(qctx, inode, ino, +1);
>                 }
>         }
>
>         ext2fs_close_inode_scan(scan);
> -
> +       free(inode);
>         return 0;
>  }
>
> --
> 2.5.0
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Reiser Filesystem Development]     [Ceph FS]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux FS]     [Yosemite National Park]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Device Mapper]     [Linux Media]

  Powered by Linux