Re: [PATCH] ocfs2: Add i_size check for dir

From: Matthew Wilcox
Date: Tue Aug 20 2024 - 11:02:38 EST

Next message: Beleswar Prasad Padhi: "Re: [PATCH] remoteproc: k3-r5: Fix driver shutdown"
Previous message: Catalin Marinas: "Re: [PATCH v10 13/40] arm64/mm: Map pages for guarded control stack"
In reply to: Edward Adam Davis: "Re: [PATCH] ocfs2: Add i_size check for dir"
Next in thread: heming.zhao@xxxxxxxx: "Re: [PATCH] ocfs2: Add i_size check for dir"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Aug 20, 2024 at 08:08:38PM +0800, Edward Adam Davis wrote:
> When the i_size of dir is too large, it will cause limit to overflow and
> be less than de_buf, ultimately resulting in last_de not being initialized
> and causing uaf issue.
>
> + if (i_size_read(dir) > OCFS2_MAX_BLOCKSIZE)
> + return -EINVAL;

Surely directories can be more than one block in size?

Next message: Beleswar Prasad Padhi: "Re: [PATCH] remoteproc: k3-r5: Fix driver shutdown"
Previous message: Catalin Marinas: "Re: [PATCH v10 13/40] arm64/mm: Map pages for guarded control stack"
In reply to: Edward Adam Davis: "Re: [PATCH] ocfs2: Add i_size check for dir"
Next in thread: heming.zhao@xxxxxxxx: "Re: [PATCH] ocfs2: Add i_size check for dir"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]