On Nov 17, 2016, at 9:26 PM, Theodore Ts'o <tytso@xxxxxxx> wrote: > > If the block size or cluster size is insane, reject the mount. This > is important for security reasons (although we shouldn't be just > depending on this check). > > Ref: http://www.securityfocus.com/archive/1/539661 > Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1332506 > Reported-by: Borislav Petkov <bp@xxxxxxxxx> > Reported-by: Nikolay Borisov <kernel@xxxxxxxx> > Signed-off-by: Theodore Ts'o <tytso@xxxxxxx> > Cc: stable@xxxxxxxxxxxxxxx > --- > fs/ext4/ext4.h | 1 + > fs/ext4/super.c | 17 ++++++++++++++++- > 2 files changed, 17 insertions(+), 1 deletion(-) > > diff --git a/fs/ext4/super.c b/fs/ext4/super.c > index 35ccbdc2d64e..12f50ef56fe1 100644 > --- a/fs/ext4/super.c > +++ b/fs/ext4/super.c > @@ -3567,7 +3567,15 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent) > if (blocksize < EXT4_MIN_BLOCK_SIZE || > blocksize > EXT4_MAX_BLOCK_SIZE) { > ext4_msg(sb, KERN_ERR, > - "Unsupported filesystem blocksize %d", blocksize); > + "Unsupported filesystem blocksize %d (%d)", Would be good to indicate what the second value is, like "(%d bits)". Cheers, Andreas > + blocksize, le32_to_cpu(es->s_log_block_size)); > + goto failed_mount; > + } > + if (le32_to_cpu(es->s_log_block_size) > > + (EXT4_MAX_BLOCK_LOG_SIZE - EXT4_MIN_BLOCK_LOG_SIZE)) { > + ext4_msg(sb, KERN_ERR, > + "Invalid log block size: %u", > + le32_to_cpu(es->s_log_block_size)); > goto failed_mount; > } > > @@ -3699,6 +3707,13 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent) > "block size (%d)", clustersize, blocksize); > goto failed_mount; > } > + if (le32_to_cpu(es->s_log_cluster_size) > > + (EXT4_MAX_CLUSTER_LOG_SIZE - EXT4_MIN_BLOCK_LOG_SIZE)) { > + ext4_msg(sb, KERN_ERR, > + "Invalid log cluster size: %u", > + le32_to_cpu(es->s_log_cluster_size)); > + goto failed_mount; > + } > sbi->s_cluster_bits = le32_to_cpu(es->s_log_cluster_size) - > le32_to_cpu(es->s_log_block_size); > sbi->s_clusters_per_group = > -- > 2.11.0.rc0.7.gbe5a750 > > -- > To unsubscribe from this list: send the line "unsubscribe linux-ext4" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html Cheers, Andreas
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
