Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm / 76439ef70c52c140e58e25d13729dde8d72a65ac
commit76439ef70c52c140e58e25d13729dde8d72a65ac[log] [tgz]
authorTheodore Ts'o <tytso@mit.edu>Thu Jun 14 12:55:10 2018 -0400
committerchrmhoffmann <chrmhoffmann@gmail.com>Sat Feb 29 11:17:01 2020 +0100
tree192b9ab6878c5ff8093b5ec329f727cf0001711a
parentcdbc1a390314b6cc536df330465df33400418601 [diff]
ext4: verify the depth of extent tree in ext4_find_extent()

commit bc890a60247171294acc0bd67d211fa4b88d40ba upstream.

If there is a corupted file system where the claimed depth of the
extent tree is -1, this can cause a massive buffer overrun leading to
sadness.

This addresses CVE-2018-10877.

https://bugzilla.kernel.org/show_bug.cgi?id=199417

Issue: SEC-1679
Bug: 116406625
Change-Id: I899794d207d73c5f160e53d8f41bd37de6e69976
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
[bwh: Backported to 3.16: return -EIO instead of -EFSCORRUPTED]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Cc: Greg Hackmann <ghackmann@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 8a5902ee807b8d894428c9eb5e4303f39fd0f676)
2 files changed
tree: 192b9ab6878c5ff8093b5ec329f727cf0001711a
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. AndroidKernel.mk
  25. COPYING
  26. CREDITS
  27. Kbuild
  28. Kconfig
  29. MAINTAINERS
  30. Makefile
  31. README
  32. REPORTING-BUGS