Re: A list of HFS+ kernel module bugs found in 4.18

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi, thanks for the reports:

On Tue, Jul 10, 2018 at 08:12:35PM +0000, Xu, Wen wrote:
> Hi Ernesto,
> 
> I reported the following bugs weeks before but did not get and respond. I saw you commit patches for HFS+, so could you 
> please take a look on these issue?
> 
> Here are a list of bugs found in HFS+ filesystem by fuzzing. You can get the image and POC that cause kernel panic 
> in the following links:
> 
> 200299    Kernel panic because mount() hfsplus image does not always return correct value
> https://bugzilla.kernel.org/show_bug.cgi?id=200299

This was also found by syzbot a couple of months ago. It's already fixed
in the -mm tree if you want to test it.

> 200297	Kernel panic in hfsplus_lookup() when open a file in a corrupted hfs+ filesystem
> https://bugzilla.kernel.org/show_bug.cgi?id=200297
> 
> 200293	Out-of-bound access in hfsplus_bnode_read()
> https://bugzilla.kernel.org/show_bug.cgi?id=200293

I'll try to fix these two and get back to you. It may take a couple of days.

> 200295	BUG() in hfsplus_create_attributes_file() when calling setxattr()
> https://bugzilla.kernel.org/show_bug.cgi?id=200295
> 
> 200291	Kernel panic when invoking setxattr() on a hfs+ image
> https://bugzilla.kernel.org/show_bug.cgi?id=200291
> 
> 200289	Kernel panic when calling setxattr() on a corrupted hfs+ image
> https://bugzilla.kernel.org/show_bug.cgi?id=200289
> 
> 200287	Out-of-bound access in hfsplus_bnode_copy() when calling setxattr() on a corrupted hfs+ image
> https://bugzilla.kernel.org/show_bug.cgi?id=200287
> 
> 200285	Out-of-bound access in hfsplus_bmap_alloc() when calling setxattr() on a corrupted hfs+ image
> https://bugzilla.kernel.org/show_bug.cgi?id=200285

The xattr implementation is a mess. I found many bugs myself just by
attempting to use it. I will take a look, but I can't promise to be able
to help. If it was up to me I would much rather get rid of xattr support
entirely, although I suppose somebody might be using it.

Ernest
 
> I would like to provide any further help to analyze the crashes and fix the bugs. I am also willing to test the patches.
> 
> Thanks,
> Wen
[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [Samba]     [Device Mapper]     [CEPH Development]

  Powered by Linux