linux/fs/ext4
Eric Biggers d7614cc161 ext4: correctly detect when an xattr value has an invalid size
It was possible for an xattr value to have a very large size, which
would then pass validation on 32-bit architectures due to a pointer
wraparound.  Fix this by validating the size in a way which avoids
pointer wraparound.

It was also possible that a value's size would fit in the available
space but its padded size would not.  This would cause an out-of-bounds
memory write in ext4_xattr_set_entry when replacing the xattr value.
For example, if an xattr value of unpadded size 253 bytes went until the
very end of the inode or block, then using setxattr(2) to replace this
xattr's value with 256 bytes would cause a write to the 3 bytes past the
end of the inode or buffer, and the new xattr value would be incorrectly
truncated.  Fix this by requiring that the padded size fit in the
available space rather than the unpadded size.

This patch shouldn't have any noticeable effect on
non-corrupted/non-malicious filesystems.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2016-12-01 14:57:29 -05:00
..
acl.c ext4: use current_time() for inode timestamps 2016-11-14 21:40:10 -05:00
acl.h
balloc.c The major change this cycle is deleting ext4's copy of the file system 2016-07-26 18:35:55 -07:00
bitmap.c ext4: remove unused header files 2015-04-02 23:47:42 -04:00
block_validity.c ext4: add missing KERN_CONT to a few more debugging uses 2016-10-15 09:57:31 -04:00
dir.c ext4: remove unused variable 2016-09-30 02:14:56 -04:00
ext4_extents.h ext4: fix misspellings in comments. 2016-03-09 23:49:05 -05:00
ext4_jbd2.c ext4: fix potential use after free in __ext4_journal_stop 2015-10-17 22:57:06 -04:00
ext4_jbd2.h ext4: optimize ext4_should_retry_alloc() to improve ENOSPC performance 2016-06-26 18:24:01 -04:00
ext4.h ext4: get rid of ext4_sb_has_crypto() 2016-12-01 11:54:18 -05:00
extents_status.c ext4: remove trailing \n from ext4_warning/ext4_error calls 2016-04-27 01:11:21 -04:00
extents_status.h ext4: move procfs registration code to fs/ext4/sysfs.c 2015-09-23 12:46:17 -04:00
extents.c ext4: use current_time() for inode timestamps 2016-11-14 21:40:10 -05:00
file.c ext4: convert DAX faults to iomap infrastructure 2016-11-20 18:51:24 -05:00
fsync.c ext4: cleanup ext4_sync_parent() 2016-09-05 23:21:43 -04:00
hash.c ext4: remove unused header files 2015-04-02 23:47:42 -04:00
ialloc.c ext4: avoid lockdep warning when inheriting encryption context 2016-11-21 11:52:44 -05:00
indirect.c ext4: refactor direct IO code 2016-05-13 00:44:16 -04:00
inline.c ext4: only set S_DAX if DAX is really supported 2016-11-20 17:32:59 -05:00
inode.c ext4: don't read out of bounds when checking for in-inode xattrs 2016-12-01 14:51:58 -05:00
ioctl.c ext4: disable pwsalt ioctl when encryption disabled by config 2016-12-01 11:55:51 -05:00
Kconfig ext4: Add select for CONFIG_FS_IOMAP 2016-11-22 23:21:58 -05:00
Makefile ext4 crypto: migrate into vfs's crypto engine 2016-07-10 14:01:03 -04:00
mballoc.c ext4: fix stack memory corruption with 64k block size 2016-11-14 21:26:26 -05:00
mballoc.h ext4: add missing KERN_CONT to a few more debugging uses 2016-10-15 09:57:31 -04:00
migrate.c ext4: fix misspellings in comments. 2016-03-09 23:49:05 -05:00
mmp.c fs: have submit_bh users pass in op and flags separately 2016-06-07 13:41:38 -06:00
move_extent.c ext4: enforce online defrag restriction for encrypted files 2016-08-29 15:45:11 -04:00
namei.c ext4: use current_time() for inode timestamps 2016-11-14 21:40:10 -05:00
page-io.c fscrypt: Let fs select encryption index/tweak 2016-11-13 20:18:16 -05:00
readpage.c Merge branch 'akpm' (patches from Andrew) 2016-07-26 19:55:54 -07:00
resize.c ext4: remove trailing \n from ext4_warning/ext4_error calls 2016-04-27 01:11:21 -04:00
super.c ext4: fix mmp use after free during unmount 2016-11-26 14:24:51 -05:00
symlink.c Merge branch 'work.xattr' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2016-10-10 17:11:50 -07:00
sysfs.c ext4: do not advertise encryption support when disabled 2016-10-12 23:24:51 -04:00
truncate.h ext4: fix races between page faults and hole punching 2015-12-07 14:28:03 -05:00
xattr_security.c switch xattr_handler->set() to passing dentry and inode separately 2016-05-27 15:39:43 -04:00
xattr_trusted.c switch xattr_handler->set() to passing dentry and inode separately 2016-05-27 15:39:43 -04:00
xattr_user.c switch xattr_handler->set() to passing dentry and inode separately 2016-05-27 15:39:43 -04:00
xattr.c ext4: correctly detect when an xattr value has an invalid size 2016-12-01 14:57:29 -05:00
xattr.h ext4: reserve xattr index for the Hurd 2016-07-31 23:38:36 -04:00