[PATCH v2 3/3] debugfs/e2fsck: check bad s_head block number

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



From: Zhang Yi <yi.zhang@xxxxxxxxxx>

Check s_head in the journal superblock and fix it if this value is out
of bounds.

Signed-off-by: Zhang Yi <yi.zhang@xxxxxxxxxx>
---
 debugfs/journal.c | 5 +++++
 e2fsck/journal.c  | 9 +++++++++
 2 files changed, 14 insertions(+)

diff --git a/debugfs/journal.c b/debugfs/journal.c
index 5bc7552d..1eef3bca 100644
--- a/debugfs/journal.c
+++ b/debugfs/journal.c
@@ -631,6 +631,11 @@ static errcode_t ext2fs_journal_load(journal_t *journal)
 	else if (ntohl(jsb->s_maxlen) > journal->j_total_len)
 		return EXT2_ET_CORRUPT_JOURNAL_SB;
 
+	if (jsb->s_head != 0 &&
+	    (ntohl(jsb->s_head) < ntohl(jsb->s_first) ||
+	     ntohl(jsb->s_head) >= journal->j_total_len))
+		return EXT2_ET_CORRUPT_JOURNAL_SB;
+
 	journal->j_tail_sequence = ntohl(jsb->s_sequence);
 	journal->j_transaction_sequence = journal->j_tail_sequence;
 	journal->j_tail = ntohl(jsb->s_start);
diff --git a/e2fsck/journal.c b/e2fsck/journal.c
index 8950446f..4b9f00ce 100644
--- a/e2fsck/journal.c
+++ b/e2fsck/journal.c
@@ -1374,6 +1374,15 @@ static errcode_t e2fsck_journal_load(journal_t *journal)
 		return EXT2_ET_CORRUPT_JOURNAL_SB;
 	}
 
+	if (jsb->s_head != 0 &&
+	    (ntohl(jsb->s_head) < ntohl(jsb->s_first) ||
+	     ntohl(jsb->s_head) >= journal->j_total_len)) {
+		com_err(ctx->program_name, EXT2_ET_CORRUPT_JOURNAL_SB,
+			_("%s, journal head out of bounds\n"),
+			ctx->device_name);
+		return EXT2_ET_CORRUPT_JOURNAL_SB;
+	}
+
 	journal->j_tail_sequence = ntohl(jsb->s_sequence);
 	journal->j_transaction_sequence = journal->j_tail_sequence;
 	journal->j_tail = ntohl(jsb->s_start);
-- 
2.31.1




[Index of Archives]     [Reiser Filesystem Development]     [Ceph FS]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux FS]     [Yosemite National Park]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Device Mapper]     [Linux Media]

  Powered by Linux