TechPanelGM/kernel_xiaomi_sm8250
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4be5be8e4dcb34c70ec4a50e5141354380e552dc
kernel_xiaomi_sm8250/fs/jfs
History
Artem Sadovnikov 4ea25fa874 jfs: xattr: check invalid xattr size more strictly 
commit d9f9d96136cba8fedd647d2c024342ce090133c2 upstream.

Commit 7c55b78818cf ("jfs: xattr: fix buffer overflow for invalid xattr")
also addresses this issue but it only fixes it for positive values, while
ea_size is an integer type and can take negative values, e.g. in case of
a corrupted filesystem. This still breaks validation and would overflow
because of implicit conversion from int to size_t in print_hex_dump().

Fix this issue by clamping the ea_size value instead.

Found by Linux Verification Center (linuxtesting.org) with Syzkaller.

Cc: stable@vger.kernel.org
Signed-off-by: Artem Sadovnikov <ancowi69@gmail.com>
Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-12-05 10:59:38 +01:00
..
acl.c
file.c
inode.c
jfs: prevent NULL deref in diFree
2022-04-15 14:15:04 +02:00
ioctl.c
jfs_acl.h
jfs_btree.h
jfs_debug.c
jfs_debug.h
jfs_dinode.h
jfs_discard.c
jfs: Fix uaf in dbFreeBits
2024-11-08 16:19:12 +01:00
jfs_discard.h
jfs_dmap.c
jfs: Fix sanity check in dbMount
2024-11-08 16:19:21 +01:00
jfs_dmap.h
jfs_dtree.c
jfs: fix slab-out-of-bounds Read in dtSearch
2024-02-23 08:12:44 +01:00
jfs_dtree.h
jfs_extent.c
jfs: validate max amount of blocks before allocation.
2023-09-23 10:48:06 +02:00
jfs_extent.h
jfs_filsys.h
jfs: jfs_dmap: Validate db_l2nbperpage while mounting
2023-08-11 11:45:20 +02:00
jfs_imap.c
jfs: fix out-of-bounds in dbNextAG() and diAlloc()
2024-11-08 16:19:05 +01:00
jfs_imap.h
jfs_incore.h
jfs_inode.c
jfs_inode.h
jfs_lock.h
jfs_logmgr.c
jfs_logmgr.h
jfs_metapage.c
jfs_metapage.h
jfs_mount.c
jfs: fix uaf in jfs_evict_inode
2024-02-23 08:12:44 +01:00
jfs_superblock.h
jfs_txnmgr.c
FS: JFS: Check for read-only mounted filesystem in txBegin
2023-08-30 16:31:43 +02:00
jfs_txnmgr.h
jfs_types.h
jfs_umount.c
jfs_unicode.c
jfs_unicode.h
jfs_uniupr.c
jfs_xattr.h
jfs_xtree.c
jfs_xtree.h
Kconfig
Makefile
namei.c
FS: JFS: Fix null-ptr-deref Read in txBegin
2023-08-30 16:31:42 +02:00
resize.c
super.c
symlink.c
xattr.c
jfs: xattr: check invalid xattr size more strictly
2024-12-05 10:59:38 +01:00