Re: [PATCH] ocfs2: Add i_size check for dir

From: heming.zhao@xxxxxxxx
Date: Wed Aug 21 2024 - 02:17:00 EST

Next message: Dev Jain: "[PATCH v5 1/2] selftests: Rename sigaltstack to generic signal"
Previous message: Dev Jain: "[PATCH v5 0/2] Add test to distinguish between thread's signal mask and ucontext_t"
In reply to: Matthew Wilcox: "Re: [PATCH] ocfs2: Add i_size check for dir"
Next in thread: Edward Adam Davis: "Re: [PATCH] ocfs2: Add i_size check for dir"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 8/20/24 22:59, Matthew Wilcox wrote:

On Tue, Aug 20, 2024 at 08:08:38PM +0800, Edward Adam Davis wrote:

When the i_size of dir is too large, it will cause limit to overflow and
be less than de_buf, ultimately resulting in last_de not being initialized
and causing uaf issue.
+ if (i_size_read(dir) > OCFS2_MAX_BLOCKSIZE)
+ return -EINVAL;

Surely directories can be more than one block in size?

The key point above is that the patch uses a hard code value, but in the real world,
the blocksize can be smaller than OCFS2_MAX_BLOCKSIZE.

-Heming

Next message: Dev Jain: "[PATCH v5 1/2] selftests: Rename sigaltstack to generic signal"
Previous message: Dev Jain: "[PATCH v5 0/2] Add test to distinguish between thread's signal mask and ucontext_t"
In reply to: Matthew Wilcox: "Re: [PATCH] ocfs2: Add i_size check for dir"
Next in thread: Edward Adam Davis: "Re: [PATCH] ocfs2: Add i_size check for dir"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]