[PATCH 0/2] ocfs2: add checks in ocfs2_xattr_find_entry() to avoid potential out-of-bound access.

From: Ferry Meng
Date: Wed May 15 2024 - 09:29:56 EST


Hi, all:

This patch series attempts to address a scenario where accessing user-defined
xattrs in a carefully crafted image can lead to out-of-bound access. (To speak
truthfully, I do not think this behavior would occur under proper usage.)

In my testing environment, I constructed an OCFS2 image, created a file with
several user-defined xattrs (long name attributes; this will cause a "Non-INLINE"
xattr, which requires additional space for storage), and then forcibly modified
the xe_name_offset using a binary editing tool (e.g. "hexedit"). Upon remounting
the image and running 'getfattr -d /path/to/file', this patchset was able to
detect "partial" malicious modification.

Comments and feedback are welcome.

Ferry Meng (2):
  ocfs2: add bounds checking to ocfs2_xattr_find_entry()
  ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()

 fs/ocfs2/xattr.c | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

--
2.32.0.3.g01195cf9f
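
A simplified user-space model of bounds-checking an entry's name offset before comparing names, added here as an illustration; it is not part of the e-mail above and is not code from the patches or from fs/ocfs2/xattr.c. `struct xentry`, `find_entry()` and `demo()` are hypothetical names, and the 64-byte block is constructed sample data.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for an on-disk entry; not struct ocfs2_xattr_entry. */
struct xentry {
    uint16_t name_offset;   /* offset of the name from the start of the block */
    uint8_t  name_len;      /* length of the name in bytes */
};

/*
 * Look up `name` among `count` entries whose names are stored inside
 * block[0..block_size). Returns the entry index, -1 if the name is not
 * present, or -2 if an entry's name range falls outside the block.
 */
int find_entry(const uint8_t *block, size_t block_size,
               const struct xentry *ents, size_t count, const char *name)
{
    size_t want = strlen(name);

    for (size_t i = 0; i < count; i++) {
        size_t off = ents[i].name_offset;
        size_t len = ents[i].name_len;

        /* Written as a subtraction so off + len cannot wrap around. */
        if (off > block_size || len > block_size - off)
            return -2;
        if (len != want)
            continue;
        /* Only reached when [off, off + len) lies inside the block. */
        if (memcmp(block + off, name, len) == 0)
            return (int)i;
    }
    return -1;
}

/* Constructed sample: two names in a 64-byte block; the second entry's
 * offset is a parameter to mimic an offset edited in the image. An offset
 * that is wrong but still in range is not flagged, it just fails to match. */
int demo(uint16_t second_offset, const char *name)
{
    uint8_t block[64] = {0};
    struct xentry ents[2] = { {40, 10}, {second_offset, 10} };

    memcpy(block + 40, "user.alpha", 10);
    memcpy(block + 50, "user.gamma", 10);
    return find_entry(block, sizeof(block), ents, 2, name);
}
```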