Re: [PATCH] ocfs2: Add i_size check for dir

From: heming.zhao@xxxxxxxx
Date: Wed Aug 21 2024 - 02:17:00 EST




On 8/20/24 22:59, Matthew Wilcox wrote:
On Tue, Aug 20, 2024 at 08:08:38PM +0800, Edward Adam Davis wrote:
When the i_size of dir is too large, it will cause limit to overflow and
be less than de_buf, ultimately resulting in last_de not being initialized
and causing a UAF issue.
+ if (i_size_read(dir) > OCFS2_MAX_BLOCKSIZE)
+ return -EINVAL;
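
Review bot: The bound in `if (i_size_read(dir) > OCFS2_MAX_BLOCKSIZE)` is a fixed constant, so the check returns -EINVAL for every directory whose i_size exceeds that one value, whatever block size the volume actually uses and however many blocks the directory legitimately spans. The commit message describes the fault as `limit` overflowing and falling below `de_buf`, so the check would be better placed where `limit` is computed and expressed in terms of the buffer actually being walked. That way valid multi-block directories still pass and only a corrupted i_size is rejected. The commit message should also name the function in which `limit` and `last_de` live, since the hunk does not show it.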

Surely directories can be more than one block in size?


The key point above is that the patch uses a hard-coded value, but in the real world,
the blocksize can be smaller than OCFS2_MAX_BLOCKSIZE.

-Heming